Google redirect virus


8 replies to this topic

#1 Jr6x

Posted 16 March 2012 - 05:58 PM

When I google something it redirects me to either Gimmeanswers or Happilee. I have tried Malwarebytes and search and destroy but it keeps happening. Any help? Thanks


#2 boopme

Posted 16 March 2012 - 06:26 PM

Hello, I moved this to Am I Infected.
Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log
and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
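Added example (not part of the original thread, and not MiniToolBox's own code): a Python triage of three of the Result.txt sections requested above that can explain a search redirect, namely proxy settings, Hosts content and Winsock entries. The sample log is constructed, using the section layout of the log posted in the next reply; treating a missing "Proxy is not enabled" line as "enabled" and using the vendor label as a hint are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample in the layout of a MiniToolBox Result.txt (not a real log).
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: socks=127.0.0.1:4021

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.7 www.google.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\example_lsp.dll [210352] (Example Vendor Inc.)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

**** End of log ****
"""

# A header is '=' runs around a name; a bare '=====' separator line does not match.
SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+$")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[\d+\]\s+\((.*)\)$")


def split_sections(log_text):
    """Map each '===== Name: =====' header to the non-empty lines after it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def _is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def check_proxy(lines):
    """Flag a ProxyServer value on loopback, even if the proxy is switched off."""
    findings = []
    # Assumption: the log prints 'Proxy is not enabled.' when the proxy is off.
    enabled = not any(l.lower().startswith("proxy is not enabled") for l in lines)
    for l in lines:
        if not l.startswith("ProxyServer:"):
            continue
        for entry in l.split(":", 1)[1].split(";"):
            endpoint = entry.strip().split("=", 1)[-1]  # drop 'socks=' / 'http='
            host = endpoint.rsplit(":", 1)[0]
            if endpoint and _is_loopback(host):
                findings.append(("proxy", f"loopback proxy {endpoint} (enabled={enabled})"))
    return findings


def check_hosts(lines):
    """Flag names pinned to a routable address; loopback/0.0.0.0 entries are blocks."""
    findings = []
    for l in lines:
        fields = l.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ip_address(addr)
        except ValueError:
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.extend(("hosts", f"{name} pinned to {addr}") for name in names)
    return findings


def check_winsock(lines):
    """List each non-Microsoft provider once per catalog (vendor label is a hint only)."""
    seen, findings = set(), []
    for l in lines:
        m = WINSOCK_RE.match(l)
        if not m:
            continue
        catalog, _, path, vendor = m.groups()
        key = (catalog, path.lower())
        if vendor != "Microsoft Corporation" and key not in seen:
            seen.add(key)
            findings.append(("winsock", f"{catalog} provider {path} ({vendor})"))
    return findings


def triage(log_text):
    s = split_sections(log_text)
    return (check_proxy(s.get("IE Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_winsock(s.get("Winsock entries", [])))


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {detail}")
```

A hit is a prompt to find out which program owns the setting, not a verdict: download managers and VPN clients also install Winsock providers and local proxies.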

#3 Jr6x

Posted 21 March 2012 - 03:04 AM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 21-03-2012 at 00:53:22
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: socks=127.0.0.1:4021

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

= Local Area Connection 8 (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Computer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-20-16-DF-DC

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Wednesday, March 21, 2012 12:37:36 AM

Lease Expires . . . . . . . . . . : Thursday, March 22, 2012 12:37:36 AM

Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.224.228, 74.125.224.229, 74.125.224.230, 74.125.224.231
74.125.224.232, 74.125.224.233, 74.125.224.238, 74.125.224.224, 74.125.224.225
74.125.224.226, 74.125.224.227



Pinging google.com [74.125.224.228] with 32 bytes of data:



Reply from 74.125.224.228: bytes=32 time=12ms TTL=54

Reply from 74.125.224.228: bytes=32 time=13ms TTL=54



Ping statistics for 74.125.224.228:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 13ms, Average = 12ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=137ms TTL=44

Reply from 98.139.183.24: bytes=32 time=107ms TTL=42



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 107ms, Maximum = 137ms, Average = 122ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 16 df dc ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.64 192.168.1.64 20
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Catalog9 02 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Catalog9 03 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Catalog9 04 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Catalog9 05 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\idmmbc.dll [210352] (Tonec Inc.)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/20/2012 07:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9965609

Error: (03/20/2012 07:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9965609

Error: (03/20/2012 07:51:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/19/2012 09:07:49 PM) (Source: Application Hang) (User: )
Description: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/16/2012 07:08:45 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 5.0.1.4205, faulting module xul.dll, version 5.0.1.4205, fault address 0x008df35b.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/15/2012 00:06:16 AM) (Source: Application Error) (User: )
Description: Faulting application gooredfix.exe, version 2.0.0.687, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [gooredfix.exe!ws!]

Error: (03/15/2012 00:06:10 AM) (Source: Application Error) (User: )
Description: Fault bucket -1976765705.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/15/2012 00:06:06 AM) (Source: Application Error) (User: )
Description: Faulting application gooredfix.exe, version 2.0.0.687, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [gooredfix.exe!ws!]

Error: (03/15/2012 00:04:10 AM) (Source: Application Error) (User: )
Description: Faulting application gooredfix.exe, version 2.0.0.687, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [gooredfix.exe!ws!]

Error: (03/15/2012 00:00:33 AM) (Source: Application Error) (User: )
Description: Faulting application gooredfix.exe, version 2.0.0.687, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Processing media-specific event for [gooredfix.exe!ws!]


System errors:
=============
Error: (03/20/2012 00:37:49 PM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%3

Error: (03/20/2012 00:37:49 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (03/20/2012 10:50:47 AM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%3

Error: (03/20/2012 10:50:47 AM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (03/19/2012 08:04:39 PM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%3

Error: (03/19/2012 08:04:39 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (03/19/2012 03:15:37 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/19/2012 03:06:22 PM) (Source: Service Control Manager) (User: )
Description: The X4HSX32 service failed to start due to the following error:
%%3

Error: (03/19/2012 03:06:22 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (03/19/2012 04:14:50 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (03/20/2012 07:51:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9965609

Error: (03/20/2012 07:51:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9965609

Error: (03/20/2012 07:51:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/19/2012 09:07:49 PM) (Source: Application Hang)(User: )
Description: msimn.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (03/16/2012 07:08:45 PM) (Source: Application Error)(User: )
Description: plugin-container.exe5.0.1.4205xul.dll5.0.1.4205008df35b

Error: (03/15/2012 00:06:16 AM) (Source: Application Error)(User: )
Description: gooredfix.exe2.0.0.687ntdll.dll5.1.2600.6055000101b3

Error: (03/15/2012 00:06:10 AM) (Source: Application Error)(User: )
Description: -1976765705

Error: (03/15/2012 00:06:06 AM) (Source: Application Error)(User: )
Description: gooredfix.exe2.0.0.687ntdll.dll5.1.2600.6055000101b3

Error: (03/15/2012 00:04:10 AM) (Source: Application Error)(User: )
Description: gooredfix.exe2.0.0.687ntdll.dll5.1.2600.6055000101b3

Error: (03/15/2012 00:00:33 AM) (Source: Application Error)(User: )
Description: gooredfix.exe2.0.0.687ntdll.dll5.1.2600.6055000101b3


=========================== Installed Programs ============================

Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader X (10.1.1) (Version: 10.1.1)
AOL Toolbar
AOL You've Got Pictures Screensaver
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.14.1.0)
aTube Catcher (Version: 2.7.778)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.09)
Digital Camera Device Driver
Digital Media Reader (Version: 1.09)
DivX Setup (Version: 2.6.0.34)
Download Updater (AOL LLC)
FM Screen Capture Codec (Remove Only)
FrostWire 4.21.8 (Version: 4.21.8.0)
Google Chrome (Version: 17.0.963.79)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.21.99)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® Network Connections 14.0.40.0 (Version: 14.0.40.0)
Internet Download Manager
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Learn2 Player (Uninstall Only)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
ManyCam 2.6.55 (remove only) (Version: 2.6.55)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2005 (Version: 14)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MySpace Toolbar (Version: 1.0.72.0)
MySpaceIM (Version: 1.0.823.0)
Nero BurnRights
Nero OEM
Norton AntiVirus (Version: 17.9.0.12)
PowerDVD
proXPN 2.4.9 (Version: 2.4.9)
QuickTime (Version: 7.71.80.42)
Realtek AC'97 Audio
Recuva (Version: 1.38)
Revo Uninstaller Pro 2.5.1 (Version: 2.5.1)
SoftV92 Data Fax Modem with SmartCP
Spybot - Search & Destroy (Version: 1.6.2)
System Requirements Lab for Intel (Version: 4.4.24.0)
Unity Web Player (Version: )
Unlocker 1.9.0 (Version: 1.9.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Viewpoint Media Player
WBFS Manager 3.0 (Version: 3.0)
WebFldrs XP (Version: 9.50.7523)
Windows Backup Utility (Version: 5.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Xiph QuickTime Components
Yahoo! Messenger

========================= Devices: ================================

Name:
Description:
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 494.73 MB
Available physical RAM: 188.87 MB
Total Pagefile: 1152.17 MB
Available Pagefile: 826.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.76 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.79 GB) (Free:23.53 GB) NTFS
2 Drive d: () (Fixed) (Total:3.72 GB) (Free:1.67 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPUTER

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****




.


00:47:52.0031 3860 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
00:47:53.0156 3860 ============================================================
00:47:53.0156 3860 Current date / time: 2012/03/21 00:47:53.0156
00:47:53.0156 3860 SystemInfo:
00:47:53.0156 3860
00:47:53.0156 3860 OS Version: 5.1.2600 ServicePack: 3.0
00:47:53.0156 3860 Product type: Workstation
00:47:53.0156 3860 ComputerName: COMPUTER
00:47:53.0156 3860 UserName: Owner
00:47:53.0156 3860 Windows directory: C:\WINDOWS
00:47:53.0156 3860 System windows directory: C:\WINDOWS
00:47:53.0156 3860 Processor architecture: Intel x86
00:47:53.0156 3860 Number of processors: 1
00:47:53.0156 3860 Page size: 0x1000
00:47:53.0156 3860 Boot type: Normal boot
00:47:53.0156 3860 ============================================================
00:47:57.0125 3860 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:47:57.0296 3860 \Device\Harddisk0\DR0:
00:47:57.0328 3860 MBR used
00:47:57.0328 3860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x776127, BlocksNum 0x8D944D9
00:47:57.0328 3860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7760E8
00:47:57.0390 3860 Initialize success
00:47:57.0390 3860 ============================================================
00:48:01.0687 3960 ============================================================
00:48:01.0687 3960 Scan started
00:48:01.0687 3960 Mode: Manual;
00:48:01.0687 3960 ============================================================
00:48:03.0109 3960 Abiosdsk - ok
00:48:03.0343 3960 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:48:03.0359 3960 abp480n5 - ok
00:48:03.0734 3960 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:48:03.0796 3960 ACPI - ok
00:48:04.0125 3960 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:48:04.0125 3960 ACPIEC - ok
00:48:04.0515 3960 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:48:04.0546 3960 adpu160m - ok
00:48:04.0937 3960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:48:04.0984 3960 aec - ok
00:48:05.0390 3960 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:48:05.0437 3960 AFD - ok
00:48:05.0812 3960 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:48:05.0828 3960 agp440 - ok
00:48:06.0218 3960 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:48:06.0234 3960 agpCPQ - ok
00:48:06.0593 3960 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:48:06.0609 3960 Aha154x - ok
00:48:06.0968 3960 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:48:06.0984 3960 aic78u2 - ok
00:48:07.0359 3960 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:48:07.0375 3960 aic78xx - ok
00:48:08.0468 3960 ALCXWDM (3cb2e2c258bfff962f90e26c0649c638) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
00:48:09.0218 3960 ALCXWDM - ok
00:48:09.0593 3960 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:48:09.0609 3960 AliIde - ok
00:48:09.0984 3960 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:48:09.0984 3960 alim1541 - ok
00:48:10.0390 3960 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:48:10.0406 3960 amdagp - ok
00:48:10.0796 3960 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:48:10.0812 3960 amsint - ok
00:48:11.0140 3960 androidusb (e94e2ea7faaa05c776a711edb198b9fd) C:\WINDOWS\system32\Drivers\smhwadb.sys
00:48:11.0156 3960 androidusb - ok
00:48:11.0515 3960 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:48:11.0531 3960 asc - ok
00:48:11.0906 3960 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:48:11.0906 3960 asc3350p - ok
00:48:12.0296 3960 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:48:12.0296 3960 asc3550 - ok
00:48:12.0671 3960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:48:12.0671 3960 AsyncMac - ok
00:48:13.0046 3960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:48:13.0046 3960 atapi - ok
00:48:13.0406 3960 Atdisk - ok
00:48:13.0656 3960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:48:13.0687 3960 Atmarpc - ok
00:48:14.0015 3960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:48:14.0031 3960 audstub - ok
00:48:14.0390 3960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:48:14.0390 3960 Beep - ok
00:48:14.0890 3960 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120302.001\BHDrvx86.sys
00:48:15.0234 3960 BHDrvx86 - ok
00:48:15.0265 3960 catchme - ok
00:48:15.0609 3960 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:48:15.0625 3960 cbidf - ok
00:48:15.0968 3960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:48:15.0968 3960 cbidf2k - ok
00:48:16.0359 3960 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:48:16.0359 3960 CCDECODE - ok
00:48:16.0937 3960 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\WINDOWS\system32\drivers\NAV\1109000.00C\ccHPx86.sys
00:48:17.0140 3960 ccHP - ok
00:48:17.0500 3960 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:48:17.0515 3960 cd20xrnt - ok
00:48:17.0875 3960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:48:17.0875 3960 Cdaudio - ok
00:48:18.0453 3960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:48:18.0593 3960 Cdfs - ok
00:48:20.0187 3960 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:48:20.0250 3960 Cdrom - ok
00:48:22.0328 3960 Changer - ok
00:48:23.0234 3960 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:48:23.0250 3960 CmdIde - ok
00:48:24.0046 3960 CoachUsb (fafa3c99864e9df18cb68725bbcf7bca) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
00:48:24.0156 3960 CoachUsb - ok
00:48:26.0625 3960 CoachVid (7aefe82c02d4933cee4b7cb78c409845) C:\WINDOWS\system32\DRIVERS\CoachVid.sys
00:48:26.0671 3960 CoachVid - ok
00:48:28.0171 3960 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:48:28.0234 3960 Cpqarray - ok
00:48:28.0890 3960 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
00:48:28.0984 3960 cpudrv - ok
00:48:29.0875 3960 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:48:29.0953 3960 dac2w2k - ok
00:50:23.0000 3960 MBR (0x1B8) (b20939cd98b7710036274839082ae757) \Device\Harddisk0\DR0
00:50:23.0031 3960 \Device\Harddisk0\DR0 - ok
00:50:23.0062 3960 Boot (0x1200) (234197336b1fe08b60c8eca1e88cea3e) \Device\Harddisk0\DR0\Partition0
00:50:23.0062 3960 \Device\Harddisk0\DR0\Partition0 - ok
00:50:23.0093 3960 Boot (0x1200) (7ce6d5ab79ef58e57b86c46505075fef) \Device\Harddisk0\DR0\Partition1
00:50:23.0093 3960 \Device\Harddisk0\DR0\Partition1 - ok
00:50:23.0093 3960 ============================================================
00:50:23.0093 3960 Scan finished
00:50:23.0093 3960 ============================================================
00:50:23.0125 1772 Detected object count: 0
00:50:23.0125 1772 Actual detected object count: 0











Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: COMPUTER [administrator]

3/20/2012 11:57:03 PM
mbam-log-2012-03-20 (23-57-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181295
Time elapsed: 26 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\FilmFanatic.DataControl (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\FilmFanatic.DataControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme


Posted 21 March 2012 - 09:12 AM

Are you on a router? Are other machines on it, if so are they redirecting?

Do you use Firefox?

There are 4 toolbars in the Installed programs list. I would uninstall them through the Control Panel >> Add/Remove, unless you actually use them. They are generally spyware.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


#5 Jr6x


Posted 10 April 2012 - 08:15 PM

I'm on a 2wire. No other machine is redirecting.

#6 boopme


Posted 10 April 2012 - 08:26 PM

Appears to be a rootkit in the partition. We need special tools to get this.

We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#7 Jr6x


Posted 10 April 2012 - 08:29 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:27 on 10/04/2012 (Owner)
Firefox version 5.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
GameTapPlayer@gametap.com [23:55 17/10/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:55 21/07/2010]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0i82lgr.default\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [04:10 04/06/2011]
{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [20:57 07/03/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [11:40 24/07/2010]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [09:38 30/08/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [07:02 15/03/2012]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\" [07:44 03/04/2012]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\" [17:56 10/04/2012]

---------- Old Logs ----------
GooredFix[01.27.04_11-04-2012].txt

-=E.O.F=-

ok

#8 boopme


Posted 10 April 2012 - 08:32 PM

We need to move... It's obviously hidden or protected.

#9 Jr6x


Posted 10 April 2012 - 08:53 PM

ok



