Searchi-Milk.net


10 replies to this topic

#1 wrhatt

wrhatt

  • Members
  • 78 posts

Posted 08 February 2012 - 07:26 PM

My computer just picked up something. When I do a google search www.search-milk.net will pop up briefly on my screen then redirect my browser to a web page I didn't click on. I did a system restore but it's still there. AVG will pop up that a black hole (?) threat was blocked. Yahoo search doesn't redirect. Any ideas?

Edited by wrhatt, 08 February 2012 - 07:27 PM.




#2 Crashoveride420

Crashoveride420

  • Members
  • 99 posts
  • Gender:Male
  • Location:United States

Posted 08 February 2012 - 08:01 PM

Sounds like a Google redirect Virus...

#3 4dude

4dude

  • Members
  • 578 posts
  • Gender:Male

Posted 08 February 2012 - 08:19 PM

That's a pretty crappy search engine! (search-milk.net) I did 3/4 different searches and it found NOTHING!!


Have you tried a SYSTEM RESTORE wrhatt?? It might get rid of it from the reg..

Good luck!



EDIT:

I just saw you said you tried it and it didn't work :(

#4 wrhatt

wrhatt
  • Topic Starter

  • Members
  • 78 posts

Posted 08 February 2012 - 09:17 PM

Sounds like a Google redirect Virus...


Thank you. Now I can put a name with this problem. I searched this virus and see several different web sites that if I purchase their product will rid me of the virus. Do you know which ones actually work? Thanks again.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA

Posted 08 February 2012 - 11:47 PM

Hello, I moved you to the Am I Infected forum as it appears you are.
Please run these, post the logs and tell me how it's running.

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.

Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



#6 wrhatt

wrhatt
  • Topic Starter

  • Members
  • 78 posts

Posted 09 February 2012 - 10:13 AM

The infected computer is wired to a router. There is another computer that connects to the same router by wifi. It is currently off so I don’t know its status. There is also a WD back-up hard drive wired to the router. This computer has Firefox and Chrome browsers but I have to use IE8 for my work. It was running a Google search on IE8 when infected. I have run the requested scans with AVG Free 2012 shut off. TDSSKiller.exe ran on the 1st try and did not require a reboot. MBAM found 2 issues which it deleted and did require a re-boot. After the reboot, the redirect issue still exists. Thank you for helping, Bill.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Bill (administrator) on 09-02-2012 at 09:13:43
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


94.63.147.22 www.google.com
94.63.147.23 www.bing.com


========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® 82566DC Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : boss
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-16-76-BC-03-78
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 65.32.5.111
65.32.5.112
Lease Obtained. . . . . . . . . . : Thursday, February 09, 2012 8:59:39 AM
Lease Expires . . . . . . . . . . : Thursday, February 09, 2012 9:59:39 AM
Server: dns-redir-lb-01.tampabay.rr.com
Address: 65.32.5.111

Name: google.com
Addresses: 74.125.227.148, 74.125.227.144, 74.125.227.145, 74.125.227.146
74.125.227.147


Pinging google.com [74.125.227.145] with 32 bytes of data:

Reply from 74.125.227.145: bytes=32 time=35ms TTL=53
Reply from 74.125.227.145: bytes=32 time=33ms TTL=53

Ping statistics for 74.125.227.145:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 35ms, Average = 34ms
Server: dns-redir-lb-01.tampabay.rr.com
Address: 65.32.5.111

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.183.24, 209.191.122.70, 72.30.2.43


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=36ms TTL=52
Reply from 209.191.122.70: bytes=32 time=60ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 60ms, Average = 48ms
Server: dns-redir-lb-01.tampabay.rr.com
Address: 65.32.5.111

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 bc 03 78 ...... Intel® 82566DC Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.6 192.168.0.6 20
192.168.0.0 255.255.255.0 192.168.0.6 192.168.0.6 10
192.168.0.6 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.6 192.168.0.6 10
224.0.0.0 240.0.0.0 192.168.0.6 192.168.0.6 10
255.255.255.255 255.255.255.255 192.168.0.6 192.168.0.6 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/08/2012 10:55:16 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:16 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:16 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:16 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:14 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:14 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:58 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:57 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:57 PM) (Source: nview) (User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:56 PM) (Source: nview) (User: )
Description: failed to retrieve module name


System errors:
=============
Error: (02/09/2012 07:08:28 AM) (Source: DCOM) (User: SYSTEM)
Description: The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Error: (02/09/2012 07:00:00 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (02/08/2012 08:00:03 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (02/08/2012 06:42:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

Error: (02/08/2012 06:41:58 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (02/08/2012 07:04:08 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (02/07/2012 11:09:16 PM) (Source: Print) (User: Bill)
Description: The document 2130 CYPRESS CROSS DR owned by Bill failed to print on printer Brother HL-2070N series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\BOSS. Win32 error code returned by the print processor: 2130 CYPRESS CROSS DR0. 2130 CYPRESS CROSS DR1

Error: (02/07/2012 04:23:11 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (02/07/2012 07:00:01 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203

Error: (02/06/2012 07:02:48 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Quick Resume technology service terminated with the following error:
%%203


Microsoft Office Sessions:
=========================
Error: (02/08/2012 10:55:16 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:16 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:16 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:16 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:14 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:55:14 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:58 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:57 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:57 PM) (Source: nview)(User: )
Description: failed to retrieve module name

Error: (02/08/2012 10:54:56 PM) (Source: nview)(User: )
Description: failed to retrieve module name


=========================== Installed Programs ============================

a la mode Vault (Version: 3.10)
ACI Desktop Additional Components (Version: 1.00.069)
Adobe Acrobat 4.0 (Version: 4.0)
Adobe ActiveShare 1.2
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe PhotoDeluxe Home Edition 4.0 (Version: 4.0)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression for Kodak (Version: 2.0.24.761)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
BlackBerry Desktop Software 6.0.1 (Version: 6.0.1.18)
BlackBerry Device Software Updater (Version: 6.0.1.37)
Bonjour (Version: 3.0.0.10)
Brother HL-2070N (Version: 1.00)
Brother MFL-Pro Suite (Version: 1.00.000)
CardRecovery 5.30
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
Garmin Lifetime Updater (Version: 2.0.12)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.5.1)
GemMaster Mystic
Google Chrome (Version: 17.0.963.46)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (Version: 1)
Intel® PRO Network Connections (Version: )
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software (Version: 1.0.3.2019)
Internet Explorer (Enable DEP)
iTunes (Version: 10.5.0.142)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8117.416)
Kazoo Player
Linksys Wireless-G PCI Adapter
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Desktop Engine (ALAMODE) (Version: 8.00.2039)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Control Panel 280.26 (Version: 280.26)
NVIDIA Drivers
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA nView 135.94 (Version: 135.94)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA Update 1.4.28 (Version: 1.4.28)
NVIDIA Update Components (Version: 1.4.28)
Otto
Pandora (Version: 2.0.5)
PC Pitstop Optimize 1.5 (Version: 1.5.10.9)
PDF-XChange 3
QuickBooks Pro 2006 (Version: )
QuickTime (Version: 7.70.80.34)
Safari (Version: 5.33.21.1)
SanctionedMedia
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.4803.0)
Sonic Encoders (Version: 1.00)
Spotify (Version: 0.5.2)
Stellar Phoenix Photo Recovery v3.5
swMSM (Version: 12.0.0.1)
TOTAL 2011 (Version: 6.100.0075)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
WD Anywhere Backup
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3069.85 MB
Available physical RAM: 2321.58 MB
Total Pagefile: 4954.93 MB
Available Pagefile: 4212.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:228.12 GB) (Free:136.17 GB) NTFS
4 Drive f: (PAM'S IPOD) (Removable) (Total:0.94 GB) (Free:0.05 GB) FAT32
5 Drive x: (Download) (Network) (Total:928.3 GB) (Free:839.03 GB) NTFS
6 Drive y: (Public) (Network) (Total:928.3 GB) (Free:839.03 GB) NTFS

========================= Users: ========================================

User accounts for \\BOSS

Administrator ASPNET Bill
Guest HelpAssistant SUPPORT_388945a0
UpdatusUser


**** End of log ****









09:17:16.0562 4704 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
09:17:17.0078 4704 ============================================================
09:17:17.0078 4704 Current date / time: 2012/02/09 09:17:17.0078
09:17:17.0078 4704 SystemInfo:
09:17:17.0078 4704
09:17:17.0078 4704 OS Version: 5.1.2600 ServicePack: 3.0
09:17:17.0078 4704 Product type: Workstation
09:17:17.0078 4704 ComputerName: BOSS
09:17:17.0078 4704 UserName: Bill
09:17:17.0078 4704 Windows directory: C:\WINDOWS
09:17:17.0078 4704 System windows directory: C:\WINDOWS
09:17:17.0078 4704 Processor architecture: Intel x86
09:17:17.0078 4704 Number of processors: 2
09:17:17.0078 4704 Page size: 0x1000
09:17:17.0078 4704 Boot type: Normal boot
09:17:17.0078 4704 ============================================================
09:17:17.0406 4704 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:17:17.0406 4704 Drive \Device\Harddisk1\DR4 - Size: 0x3C800000 (0.95 Gb), SectorSize: 0x800, Cylinders: 0x1E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:17:17.0406 4704 \Device\Harddisk0\DR0:
09:17:17.0406 4704 MBR used
09:17:17.0406 4704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x1C83CC93
09:17:17.0406 4704 \Device\Harddisk1\DR4:
09:17:17.0406 4704 MBR used
09:17:17.0453 4704 Initialize success
09:17:17.0453 4704 ============================================================
09:17:26.0218 4832 ============================================================
09:17:26.0218 4832 Scan started
09:17:26.0218 4832 Mode: Manual;
09:17:26.0218 4832 ============================================================
09:17:27.0953 4832 Cdaudio - ok
09:17:27.0984 4832 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:17:27.0984 4832 Cdfs - ok
09:17:28.0000 4832 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:17:28.0000 4832 Cdrom - ok
09:17:28.0031 4832 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
09:17:28.0031 4832 cercsr6 - ok
09:17:28.0031 4832 Changer - ok
09:17:28.0046 4832 CmdIde - ok
09:17:28.0078 4832 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:17:28.0078 4832 Compbatt - ok
09:17:28.0093 4832 Cpqarray - ok
09:17:28.0093 4832 dac2w2k - ok
09:17:28.0109 4832 dac960nt - ok
09:17:28.0125 4832 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:17:28.0125 4832 Disk - ok
09:17:28.0171 4832 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:17:28.0203 4832 dmboot - ok
09:17:28.0250 4832 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:17:28.0250 4832 dmio - ok
09:17:28.0281 4832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:17:28.0281 4832 dmload - ok
09:17:28.0312 4832 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:17:28.0312 4832 DMusic - ok
09:17:28.0343 4832 dpti2o - ok
09:17:28.0375 4832 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:17:28.0375 4832 drmkaud - ok
09:17:28.0421 4832 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:17:28.0437 4832 e1express - ok
09:17:28.0484 4832 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
09:17:28.0484 4832 ELacpi - ok
09:17:28.0531 4832 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
09:17:28.0531 4832 ELhid - ok
09:17:28.0562 4832 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
09:17:28.0562 4832 ELkbd - ok
09:17:28.0609 4832 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
09:17:28.0609 4832 ELmon - ok
09:17:28.0640 4832 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
09:17:28.0640 4832 ELmou - ok
09:17:28.0687 4832 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:17:28.0687 4832 Fastfat - ok
09:17:28.0734 4832 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:17:28.0734 4832 Fdc - ok
09:17:28.0781 4832 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:17:28.0781 4832 Fips - ok
09:17:28.0828 4832 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:17:28.0828 4832 Flpydisk - ok
09:17:28.0875 4832 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:17:28.0875 4832 FltMgr - ok
09:17:28.0921 4832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:17:28.0921 4832 Fs_Rec - ok
09:17:28.0953 4832 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:17:28.0953 4832 Ftdisk - ok
09:17:29.0000 4832 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:17:29.0000 4832 GEARAspiWDM - ok
09:17:29.0046 4832 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:17:29.0046 4832 Gpc - ok
09:17:29.0093 4832 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:17:29.0093 4832 HDAudBus - ok
09:17:29.0171 4832 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
09:17:29.0171 4832 HidBatt - ok
09:17:29.0218 4832 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:17:29.0218 4832 hidusb - ok
09:17:29.0234 4832 hpn - ok
09:17:29.0296 4832 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
09:17:29.0296 4832 HSFHWBS2 - ok
09:17:29.0359 4832 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
09:17:29.0390 4832 HSF_DP - ok
09:17:29.0437 4832 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:17:29.0453 4832 HTTP - ok
09:17:29.0453 4832 i2omgmt - ok
09:17:29.0468 4832 i2omp - ok
09:17:29.0515 4832 iastor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iastor.sys
09:17:29.0515 4832 iastor - ok
09:17:29.0531 4832 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:17:29.0531 4832 Imapi - ok
09:17:29.0546 4832 ini910u - ok
09:17:29.0546 4832 IntelIde - ok
09:17:29.0578 4832 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:17:29.0578 4832 intelppm - ok
09:17:29.0625 4832 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:17:29.0625 4832 Ip6Fw - ok
09:17:29.0671 4832 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:17:29.0671 4832 IpFilterDriver - ok
09:17:29.0703 4832 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:17:29.0703 4832 IpInIp - ok
09:17:29.0750 4832 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:17:29.0750 4832 IpNat - ok
09:17:29.0781 4832 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:17:29.0781 4832 IPSec - ok
09:17:29.0812 4832 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:17:29.0812 4832 IRENUM - ok
09:17:29.0859 4832 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:17:29.0875 4832 isapnp - ok
09:17:29.0937 4832 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:17:29.0937 4832 Kbdclass - ok
09:17:29.0968 4832 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:17:29.0968 4832 kbdhid - ok
09:17:30.0015 4832 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:17:30.0015 4832 kmixer - ok
09:17:30.0046 4832 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:17:30.0046 4832 KSecDD - ok
09:17:30.0046 4832 lbrtfdc - ok
09:17:30.0125 4832 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:17:30.0125 4832 mdmxsdk - ok
09:17:30.0156 4832 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:17:30.0156 4832 MHNDRV - ok
09:17:30.0187 4832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:17:30.0203 4832 mnmdd - ok
09:17:30.0234 4832 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:17:30.0234 4832 Modem - ok
09:17:30.0265 4832 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:17:30.0265 4832 MODEMCSA - ok
09:17:30.0296 4832 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:17:30.0296 4832 Mouclass - ok
09:17:30.0328 4832 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:17:30.0328 4832 mouhid - ok
09:17:30.0343 4832 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:17:30.0343 4832 MountMgr - ok
09:17:30.0406 4832 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
09:17:30.0406 4832 MPE - ok
09:17:30.0406 4832 mraid35x - ok
09:17:30.0437 4832 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:17:30.0453 4832 MRxDAV - ok
09:17:30.0500 4832 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:17:30.0500 4832 MRxSmb - ok
09:17:30.0531 4832 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:17:30.0531 4832 Msfs - ok
09:17:30.0578 4832 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:17:30.0578 4832 MSKSSRV - ok
09:17:30.0625 4832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:17:30.0625 4832 MSPCLOCK - ok
09:17:30.0687 4832 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:17:30.0687 4832 MSPQM - ok
09:17:30.0734 4832 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:17:30.0750 4832 mssmbios - ok
09:17:30.0765 4832 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:17:30.0765 4832 MSTEE - ok
09:17:30.0796 4832 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:17:30.0796 4832 Mup - ok
09:17:30.0828 4832 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:17:30.0828 4832 NABTSFEC - ok
09:17:30.0859 4832 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
09:17:30.0859 4832 NAL - ok
09:17:30.0875 4832 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:17:30.0875 4832 NDIS - ok
09:17:30.0906 4832 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:17:30.0906 4832 NdisIP - ok
09:17:30.0937 4832 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:17:30.0937 4832 NdisTapi - ok
09:17:30.0968 4832 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:17:30.0968 4832 Ndisuio - ok
09:17:31.0015 4832 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:17:31.0015 4832 NdisWan - ok
09:17:31.0046 4832 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:17:31.0046 4832 NDProxy - ok
09:17:31.0062 4832 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
09:17:31.0062 4832 Netaapl - ok
09:17:31.0093 4832 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:17:31.0109 4832 NetBIOS - ok
09:17:31.0125 4832 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:17:31.0140 4832 NetBT - ok
09:17:31.0156 4832 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:17:31.0156 4832 NIC1394 - ok
09:17:31.0171 4832 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:17:31.0171 4832 Npfs - ok
09:17:31.0203 4832 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:17:31.0218 4832 Ntfs - ok
09:17:31.0265 4832 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
09:17:31.0265 4832 NuidFltr - ok
09:17:31.0296 4832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:17:31.0296 4832 Null - ok
09:17:31.0468 4832 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:17:31.0625 4832 nv - ok
09:17:31.0703 4832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:17:31.0703 4832 NwlnkFlt - ok
09:17:31.0718 4832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:17:31.0718 4832 NwlnkFwd - ok
09:17:31.0734 4832 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:17:31.0734 4832 ohci1394 - ok
09:17:31.0750 4832 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:17:31.0765 4832 Parport - ok
09:17:31.0765 4832 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:17:31.0765 4832 PartMgr - ok
09:17:31.0796 4832 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:17:31.0796 4832 ParVdm - ok
09:17:31.0796 4832 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:17:31.0796 4832 PCI - ok
09:17:31.0812 4832 PCIDump - ok
09:17:31.0812 4832 PCIIde - ok
09:17:31.0859 4832 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:17:31.0859 4832 Pcmcia - ok
09:17:31.0859 4832 PDCOMP - ok
09:17:31.0875 4832 PDFRAME - ok
09:17:31.0875 4832 PDRELI - ok
09:17:31.0890 4832 PDRFRAME - ok
09:17:31.0906 4832 perc2 - ok
09:17:31.0906 4832 perc2hib - ok
09:17:31.0937 4832 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:17:31.0937 4832 PptpMiniport - ok
09:17:31.0953 4832 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:17:31.0953 4832 PSched - ok
09:17:31.0984 4832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:17:31.0984 4832 Ptilink - ok
09:17:32.0015 4832 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:17:32.0015 4832 PxHelp20 - ok
09:17:32.0015 4832 ql1080 - ok
09:17:32.0031 4832 Ql10wnt - ok
09:17:32.0046 4832 ql12160 - ok
09:17:32.0046 4832 ql1240 - ok
09:17:32.0062 4832 ql1280 - ok
09:17:32.0078 4832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:17:32.0093 4832 RasAcd - ok
09:17:32.0093 4832 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:17:32.0093 4832 Rasl2tp - ok
09:17:32.0109 4832 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:17:32.0109 4832 RasPppoe - ok
09:17:32.0125 4832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:17:32.0125 4832 Raspti - ok
09:17:32.0140 4832 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:17:32.0140 4832 Rdbss - ok
09:17:32.0171 4832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:17:32.0171 4832 RDPCDD - ok
09:17:32.0187 4832 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:17:32.0203 4832 rdpdr - ok
09:17:32.0250 4832 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:17:32.0250 4832 RDPWD - ok
09:17:32.0296 4832 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:17:32.0296 4832 redbook - ok
09:17:32.0343 4832 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:17:32.0343 4832 RFCOMM - ok
09:17:32.0375 4832 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
09:17:32.0375 4832 RimUsb - ok
09:17:32.0406 4832 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:17:32.0406 4832 RimVSerPort - ok
09:17:32.0406 4832 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:17:32.0406 4832 ROOTMODEM - ok
09:17:32.0468 4832 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
09:17:32.0484 4832 RT61 - ok
09:17:32.0531 4832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:17:32.0531 4832 Secdrv - ok
09:17:32.0562 4832 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:17:32.0562 4832 Serial - ok
09:17:32.0593 4832 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:17:32.0593 4832 Sfloppy - ok
09:17:32.0609 4832 Simbad - ok
09:17:32.0640 4832 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:17:32.0640 4832 SLIP - ok
09:17:32.0703 4832 Sparrow - ok
09:17:32.0718 4832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:17:32.0718 4832 splitter - ok
09:17:32.0750 4832 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:17:32.0750 4832 sr - ok
09:17:32.0781 4832 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:17:32.0796 4832 Srv - ok
09:17:32.0859 4832 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
09:17:32.0859 4832 STHDA - ok
09:17:32.0890 4832 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:17:32.0890 4832 streamip - ok
09:17:32.0890 4832 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:17:32.0890 4832 swenum - ok
09:17:32.0921 4832 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:17:32.0921 4832 swmidi - ok
09:17:32.0937 4832 symc810 - ok
09:17:32.0937 4832 symc8xx - ok
09:17:32.0953 4832 sym_hi - ok
09:17:32.0968 4832 sym_u3 - ok
09:17:32.0984 4832 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:17:32.0984 4832 sysaudio - ok
09:17:33.0031 4832 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:17:33.0046 4832 Tcpip - ok
09:17:33.0062 4832 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:17:33.0062 4832 TDPIPE - ok
09:17:33.0109 4832 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:17:33.0109 4832 TDTCP - ok
09:17:33.0125 4832 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:17:33.0125 4832 TermDD - ok
09:17:33.0140 4832 TosIde - ok
09:17:33.0171 4832 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:17:33.0171 4832 Udfs - ok
09:17:33.0187 4832 ultra - ok
09:17:33.0218 4832 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:17:33.0234 4832 Update - ok
09:17:33.0296 4832 USB28xxBGA (56b0b784e0ed3b6a9beb67f63cd6d4a2) C:\WINDOWS\system32\DRIVERS\emBDA.sys
09:17:33.0328 4832 USB28xxBGA - ok
09:17:33.0343 4832 USB28xxOEM (d74634509e22ea69692ea173586db8e6) C:\WINDOWS\system32\DRIVERS\emOEM.sys
09:17:33.0343 4832 USB28xxOEM - ok
09:17:33.0390 4832 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:17:33.0390 4832 USBAAPL - ok
09:17:33.0468 4832 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:17:33.0484 4832 usbccgp - ok
09:17:33.0515 4832 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:17:33.0515 4832 usbehci - ok
09:17:33.0546 4832 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:17:33.0546 4832 usbhub - ok
09:17:33.0578 4832 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:17:33.0578 4832 usbprint - ok
09:17:33.0640 4832 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:17:33.0640 4832 usbscan - ok
09:17:33.0687 4832 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:17:33.0687 4832 USBSTOR - ok
09:17:33.0718 4832 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:17:33.0718 4832 usbuhci - ok
09:17:33.0718 4832 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:17:33.0718 4832 VgaSave - ok
09:17:33.0734 4832 ViaIde - ok
09:17:33.0750 4832 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:17:33.0750 4832 VolSnap - ok
09:17:33.0796 4832 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:17:33.0796 4832 Wanarp - ok
09:17:33.0828 4832 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
09:17:33.0828 4832 wceusbsh - ok
09:17:33.0859 4832 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:17:33.0875 4832 Wdf01000 - ok
09:17:33.0890 4832 WDICA - ok
09:17:33.0921 4832 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:17:33.0921 4832 wdmaud - ok
09:17:33.0984 4832 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:17:34.0000 4832 winachsf - ok
09:17:34.0078 4832 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:17:34.0078 4832 WpdUsb - ok
09:17:34.0140 4832 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:17:34.0140 4832 WSTCODEC - ok
09:17:34.0156 4832 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:17:34.0156 4832 WudfPf - ok
09:17:34.0171 4832 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:17:34.0171 4832 WudfRd - ok
09:17:34.0218 4832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:17:34.0359 4832 \Device\Harddisk0\DR0 - ok
09:17:34.0390 4832 MBR (0x1B8) (2dcf4693fd8831b3cc1cafd431586e65) \Device\Harddisk1\DR4
09:18:34.0046 4832 \Device\Harddisk1\DR4 - ok
09:18:34.0062 4832 Boot (0x1200) (cb3e6898885f8e6ac12d666f03969524) \Device\Harddisk0\DR0\Partition0
09:18:34.0062 4832 \Device\Harddisk0\DR0\Partition0 - ok
09:18:34.0062 4832 ============================================================
09:18:34.0062 4832 Scan finished
09:18:34.0062 4832 ============================================================
09:18:34.0062 4824 Detected object count: 0
09:18:34.0062 4824 Actual detected object count: 0

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bill :: BOSS [administrator]

2/9/2012 9:34:47 AM
mbam-log-2012-02-09 (09-34-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207451
Time elapsed: 14 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\CD6.tmp (Rogue.InternetSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\Local Settings\Temp\yr0.7495681106902611.exe (Trojan.Agent.TW) -> Quarantined and deleted successfully.

(end)

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:02 PM

Posted 09 February 2012 - 11:40 AM

You're welcome. If you can, check to see if the other machine redirects, as that may mean a router infection.



Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.

OR

Click Run in the File Download dialog box, or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

>>>>
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


As you found a Rogue Security......

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
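An added check for the HOSTS-file step in the post above (example code written for this page, not from the thread, from GooredFix or from Microsoft's Fix it): it parses a Windows HOSTS file, reports search-engine names pinned to an outside address (the redirect symptom in this thread) and security-vendor names pinned to loopback (a common way updates and scans get blocked), and says whether the file still matches the Windows XP default. The search-engine and vendor domain lists, and the sample HOSTS content, are assumptions constructed for the demo.

```python
"""Audit a Windows HOSTS file for redirect and update-blocking entries.

Added example for this thread; not part of any tool mentioned in it.
"""
import ipaddress
from typing import Iterator, List, NamedTuple, Tuple


class HostsFinding(NamedTuple):
    line_no: int
    address: str
    hostname: str
    reason: str


# Windows XP default HOSTS file contains only the loopback entry (comments aside).
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Assumed lists for the demo. Search engines named in the thread: a non-loopback
# mapping here sends searches elsewhere. Vendors from the thread: a loopback
# mapping here silently blocks their update and download sites.
SEARCH_DOMAINS = ("google.com", "yahoo.com", "bing.com")
VENDOR_DOMAINS = ("malwarebytes.org", "avg.com", "eset.com", "microsoft.com")


def _matches(hostname: str, domains: Tuple[str, ...]) -> bool:
    """True when hostname is one of the domains or a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def parse_hosts(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_no, address, hostname); comments and blank lines are skipped.

    One HOSTS line may list several hostnames after the address, so one line
    can yield several triples.
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: nothing would resolve from it
        address, hostnames = parts[0], parts[1:]
        for hostname in hostnames:
            yield line_no, address, hostname


def audit_hosts(text: str) -> List[HostsFinding]:
    """Return every entry that deserves a look, in file order."""
    findings: List[HostsFinding] = []
    for line_no, address, hostname in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(HostsFinding(line_no, address, hostname, "unparseable address"))
            continue
        local = ip.is_loopback or ip.is_unspecified  # 127.x / ::1 / 0.0.0.0
        if local and _matches(hostname, VENDOR_DOMAINS):
            findings.append(HostsFinding(line_no, address, hostname, "security vendor blocked"))
        elif not local and _matches(hostname, SEARCH_DOMAINS):
            findings.append(HostsFinding(line_no, address, hostname, "search engine redirected"))
        elif not local:
            # Any other name pinned to an outside address is not in the default
            # file; it may be legitimate (an intranet host) but should be reviewed.
            findings.append(HostsFinding(line_no, address, hostname, "non-default mapping"))
    return findings


def is_default(text: str) -> bool:
    """True when the only active entry maps localhost to a loopback address."""
    entries = list(parse_hosts(text))
    if not entries:
        return False
    for _, address, hostname in entries:
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            return False
        if hostname.lower() != "localhost" or not ip.is_loopback:
            return False
    return True


# Constructed sample: a default-looking file with two injected lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.45    www.google.com google.com   # injected: search redirect
127.0.0.1       www.malwarebytes.org        # injected: blocks updates
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} -> {f.hostname} ({f.reason})")
    print("matches XP default:", is_default(SAMPLE_HOSTS))
```

On a real machine the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; findings of the first two kinds are the cue to run the reset step above.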

#8 wrhatt

wrhatt
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:11:02 PM

Posted 10 February 2012 - 12:27 AM

The other computer connected by wifi does not seem infected. However, I ran the Microsoft Fix it just in case.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 23:22 on 09/02/2012 (Bill)
Firefox version 8.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:28 16/12/2011]
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [01:51 09/02/2012]

C:\Documents and Settings\Bill\Application Data\Mozilla\Firefox\Profiles\en3w9z6y.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [13:09 31/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:06 30/07/2010]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4\" [14:42 22/09/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [05:13 27/03/2010]

-=E.O.F=-

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/09/2012 at 23:25:13.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

xe


Rkill completed on 02/09/2012 at 23:25:21.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Bill :: BOSS [administrator]

2/9/2012 11:33:22 PM
mbam-log-2012-02-09 (23-33-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207466
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0

ESET Scan

C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\43\206b916b-50708487	Win32/TrojanDownloader.Vespula.AA Trojan	cleaned by deleting - quarantined

Edited by wrhatt, 10 February 2012 - 07:18 AM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:02 PM

Posted 10 February 2012 - 10:51 AM

Is the redirect gone now?

#10 wrhatt

wrhatt
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  • Local time:11:02 PM

Posted 10 February 2012 - 01:19 PM

Google appears to be back to normal. Thanks again for your help. Over the years I have tried various virus protection programs. Obviously AVG free 2012 has limitations. I’ve tried Norton but it slowed the computer to a crawl. McAfee wanted me to click a button for every web site I went to which was time consuming. What Virus protection would you recommend?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:02 PM

Posted 10 February 2012 - 02:03 PM

I use and recommend this for free: Avira Antivir

If I were to want a paid service I feel I would select ESET/Nod32


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
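The "create a new restore point after cleaning" step in the post above can also be scripted and verified. The block below is an added example written for this page, not code from the thread or from BleepingComputer; it uses the SystemRestore WMI class in the root\default namespace, which exists on Windows XP, Vista and 7 (on XP it needs Windows PowerShell 2.0 installed and an administrator prompt). The restore point name and the log file path are assumptions chosen for the example.

```powershell
# Added example (not from the thread): create a named restore point after
# cleanup, confirm it is now the newest point, and record it in a log file,
# the scripted equivalent of the System Restore wizard steps in the post.
# Run from an elevated PowerShell prompt. The point name and log path are
# assumptions for this example.

$pointName = "Clean after malware removal $(Get-Date -Format 'yyyy-MM-dd HH:mm')"
$logPath   = Join-Path $env:USERPROFILE 'restore-point-log.txt'

# Create the restore point via the SystemRestore WMI class.
# RestorePointType 12 = MODIFY_SETTINGS, EventType 100 = BEGIN_SYSTEM_CHANGE.
$sr = [wmiclass] '\\.\root\default:SystemRestore'
$result = $sr.CreateRestorePoint($pointName, 12, 100)
if ($result.ReturnValue -ne 0) {
    throw "CreateRestorePoint failed with return code $($result.ReturnValue)"
}

# Read the restore points back and confirm the new one is the latest.
$points = Get-WmiObject -Namespace 'root\default' -Class SystemRestore |
          Sort-Object SequenceNumber
$newest = $points | Select-Object -Last 1
if ($newest.Description -ne $pointName) {
    throw "Newest restore point is '$($newest.Description)', expected '$pointName'"
}

# CreationTime is a DMTF date string; convert it before logging.
$created = [System.Management.ManagementDateTimeConverter]::ToDateTime($newest.CreationTime)

# Keep a record, as the post recommends, so the clean point is easy to find later.
"$($newest.SequenceNumber)`t$created`t$($newest.Description)" |
    Out-File -FilePath $logPath -Append -Encoding ASCII

# List every remaining point. Older points are still removed with the
# Disk Cleanup > More Options step described in the post.
$points |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = {
            [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize
```

The script fails loudly if the point is not created or is not the most recent entry, which is the check worth having before older points are deleted. On Windows 8 and later, Windows silently ignores a second restore point request within 24 hours of the previous one unless the SystemRestorePointCreationFrequency policy is changed, so on those systems a "success" return code does not by itself prove a new point was written; the read-back check above catches that case.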




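The Autorun risk mentioned in the post is addressed on Windows by the Explorer policy value NoDriveTypeAutoRun (a bit mask with one bit per drive type; 0xFF disables AutoRun for all of them) and, on Windows XP, by Microsoft's AutoRun update (KB967715), which writes HonorAutorunSetting = 1 so that the policy value is actually honored. The block below is an added example written for this page, not code from the thread; the function name is an assumption, the registry path and value names are the documented ones.

```powershell
# Added example (not from the thread): audit the Explorer policy values that
# disable AutoRun on removable and other drives, and with -Fix write the
# hardened values. Run from an elevated PowerShell prompt. The function name
# is an assumption for this example; the registry path and value names are
# the documented Windows ones.

function Test-AutoRunDisabled {
    param([switch]$Fix)

    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $checks = @(
        # One bit per drive type; 0xFF sets every bit, disabling AutoRun everywhere.
        @{ Name = 'NoDriveTypeAutoRun'; Expected = 0xFF },
        # Written by the Microsoft AutoRun update for Windows XP (KB967715);
        # without it XP does not fully honor NoDriveTypeAutoRun.
        @{ Name = 'HonorAutorunSetting'; Expected = 1 }
    )

    if (-not (Test-Path $policy)) {
        if ($Fix) {
            New-Item -Path $policy -Force | Out-Null
        } else {
            Write-Warning "Policy key $policy does not exist"
            return $false
        }
    }

    $compliant = $true
    foreach ($c in $checks) {
        $item   = Get-ItemProperty -Path $policy -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.($c.Name) } else { $null }
        if ($actual -eq $c.Expected) { continue }

        $shown = if ($null -eq $actual) { 'unset' } else { '0x{0:X}' -f $actual }
        Write-Warning ('{0} is {1}; expected 0x{2:X}' -f $c.Name, $shown, $c.Expected)
        if ($Fix) {
            Set-ItemProperty -Path $policy -Name $c.Name -Value $c.Expected -Type DWord
        } else {
            $compliant = $false
        }
    }
    return $compliant
}

# Audit only; add -Fix to write the hardened values. Explorer reads the
# policy at logon, so log off and on (or reboot) for the change to apply.
Test-AutoRunDisabled
```

The audit mode is the useful part for a technician checking several machines: it returns $true only when both values are exactly as expected, and warns with the actual value otherwise, so a machine that has the policy key but still carries the XP default mask shows up immediately.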
0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users