
Browser randomly hijacked


13 replies to this topic

#1 vwgn

vwgn

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 23 March 2012 - 05:57 PM

Other hijacking posts seem to be just one issue. Mine is a bit more, or maybe I am at the end of my rope and it all seems so massive!

My Norton AV expired, and wife did the "remind me later" option on alert. I don't know how long it went without AV protection but it couldn't have been more than a couple days (I know, it only takes 1 minute). My kids were playing a game, when they announced that the internet had closed (browser crash) and computer wasn't working. I look over to discover the Security Tools/Suite 2012, fake AV software scanning and declaring my computer full of trojans, spyware and porn bots etc! I know of these fakes so I immediately just force shut the computer down with power button. I booted it in safe mode, got on the phone to Norton, and got a tech to remote handle getting Malwarebytes and eradicating the intruder, as well as installing Norton AV renewal/update and getting all that current. A full system scan with Norton 2012 showed all clean. I double checked it with Spybot S&D for an all clear too. I uninstalled Malwarebytes as I wasn't familiar with it, and the Norton / Spybot combo had been fine before this incident in keeping me free of any issues for a few years. Computer was working great for a week (I work from home and I am on it 4-5 hours a day at least).

Now Firefox (latest version) keeps getting hijacked when I do Google searches. It typically goes to a site called gimmie answers com when I click on Google search results. Norton full scan shows system clean. Spybot S&D will intermittently remove tracking cookies, and Malwarebytes (reinstalled it) will show clean! I uninstalled Malwarebytes again, installed Ad-Aware/Lavasoft, and it found something, and cleaned it. Not a full day went by, and it's back again. Intermittently it will go to a site called smart search? and another that starts with an h and has some rainbow color schemes (I backed out too fast to see the name). It alternates between Spybot and Ad-Aware as to which one will find something on a scan and rectify the problem for a day. In all of this I called Norton back, and the tech walked me through getting Norton Power Eraser. It will intermittently find something low risk, but usually shows clean on each scan.

Norton then said I could pay them AGAIN to remove the virus since this was a difficult one, when I paid them a week prior to clean my system and bought software from them that is supposed to prevent the infection in the first place!!! I should also note, several days after my initial infection, my Hotmail acct started sending spam to my contacts. I am VERY aware of phishing and never enter my login etc if I am not sure it's the legit site, so I suspect this browser hijack also grabbed my login.

After several days of Google searching to get URLs then manually enter them, because I am scared to click a link, I got Google Chrome because I read that it is immune to many of these hijacking attacks. So far (a day in) it has been immune, while Firefox is currently infected.

I would be ok with uninstalling FF and forgetting about it, but that means there's still probably a virus on my PC and I don't want that because who knows what it's doing. I am starting to grow concerned that the original Security 2012 infection was never fully cleared and there's probably some serious something happening on my computer. I just don't see it yet. I am tired of downloading ineffective software, and having software I paid for trying to charge me to remove what should have been prevented in the first place!

I'm open to any suggestions because this has been very stressful and I just want my computer to be normal again.

I am running Windows XP pro w/service pack 3, on a Dell Dimension.



#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:40 AM

Posted 23 March 2012 - 07:40 PM

Hello,

I will be helping you with your problem.

Step 1

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Edited by dev00790, 23 March 2012 - 07:41 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 vwgn

vwgn
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 24 March 2012 - 01:39 PM

Mini toolbox reported this log file after running:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Tom Pablo (administrator) on 24-03-2012 at 13:32:29
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: stm-proxy.crefs.capital.ge.com:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : J-Jones

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-70-98-DF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Saturday, March 24, 2012 6:14:39 AM

Lease Expires . . . . . . . . . . : Sunday, March 25, 2012 6:14:39 AM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.98, 74.125.227.99, 74.125.227.100, 74.125.227.101
74.125.227.102, 74.125.227.103, 74.125.227.104, 74.125.227.105, 74.125.227.110
74.125.227.96, 74.125.227.97



Pinging google.com [74.125.227.97] with 32 bytes of data:



Reply from 74.125.227.97: bytes=32 time=24ms TTL=53

Reply from 74.125.227.97: bytes=32 time=25ms TTL=52



Ping statistics for 74.125.227.97:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=61ms TTL=42

Reply from 209.191.122.70: bytes=32 time=59ms TTL=42



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 59ms, Maximum = 61ms, Average = 60ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 70 98 df ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.64 192.168.1.64 20
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 20
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 20
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 20
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/22/2012 10:44:05 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 10:44:05 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 10:44:05 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/21/2012 07:12:51 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/21/2012 07:12:51 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/21/2012 07:12:51 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/20/2012 00:34:06 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/20/2012 00:34:06 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/20/2012 00:34:06 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/19/2012 10:42:34 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (03/20/2012 00:35:06 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/18/2012 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iastor

Error: (03/18/2012 01:45:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iastor

Error: (03/18/2012 01:41:39 AM) (Source: DCOM) (User: Tom Pablo)
Description: The server {9E14B23B-5D8A-447F-B962-6D6D6897861E} did not register with DCOM within the required timeout.

Error: (03/16/2012 03:26:59 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.

Error: (03/15/2012 10:01:59 PM) (Source: PlugPlayManager) (User: )
Description: The device Root\LEGACY_SMR250\0000 disappeared from the system without first being prepared for removal.

Error: (03/15/2012 05:11:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iastor

Error: (03/15/2012 00:26:09 AM) (Source: DCOM) (User: Tom Pablo)
Description: The server {9E14B23B-5D8A-447F-B962-6D6D6897861E} did not register with DCOM within the required timeout.

Error: (03/14/2012 07:02:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iastor

Error: (03/14/2012 06:39:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iastor


Microsoft Office Sessions:
=========================
Error: (03/22/2012 10:44:05 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/22/2012 10:44:05 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/22/2012 10:44:05 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/21/2012 07:12:51 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/21/2012 07:12:51 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/21/2012 07:12:51 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/20/2012 00:34:06 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/20/2012 00:34:06 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/20/2012 00:34:06 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (03/19/2012 10:42:34 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Ad-Aware (Version: 9.0.7)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.0)
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR (Version: 3.1.0.4880)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Contribute CS4 (Version: 5.0)
Adobe Creative Suite 4 Web Premium (Version: 4.0)
Adobe CS4 American English Speech Analysis Models (Version: 1)
Adobe CS4 French Speech Analysis Models (Version: 1)
Adobe CS4 German Speech Analysis Models (Version: 1)
Adobe CS4 International English Speech Analysis Models (Version: 1)
Adobe CS4 Italian Speech Analysis Models (Version: 1)
Adobe CS4 Japanese Speech Analysis Models (Version: 1)
Adobe CS4 Korean Speech Analysis Models (Version: 1)
Adobe CS4 Spanish Speech Analysis Models (Version: 1)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Digital Editions
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 Plugin (Version: 11.1.102.63)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Photoshop Lightroom 2.7 (Version: 2.7)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Soundbooth CS4 (Version: 2)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.122-050329a-022390C-Dell)
Bonjour (Version: 3.0.0.10)
CamStudio
ColorChecker Passport 1.0.2
Connect (Version: 1.0.0.1)
Coupon Printer for Windows (Version: 5.0.0.0)
Cricut CraftRoom (Version: 1.0.109)
Cricut CraftRoom (Version: v1.0 build-109)
Cricut DesignStudio
EPSON Scan
EPSON WorkForce 500 Series Printer Uninstall
eZsuite (Version: 3.4.2.0)
Facebook Plug-In
Google Chrome (Version: 17.0.963.83)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
ImageMagick 6.5.8-8 Q16 (2010-01-01) (Version: 6.5.8)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
kuler (Version: 2.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Miller's Albums and Books (Version: 1.255)
Miller's Albums and Books (Version: 1.995)
Miller's Remote Suite (PLUS)
Millers Remote Studio (Version: 6.37.0000)
Millers Sports and Events (Version: 1.123)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton Internet Security (Version: 19.6.1.8)
OpenOffice.org 3.1 (Version: 3.1.9420)
OverDrive Media Console (Version: 3.2.5)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
QuickBooks (Version: 22.0.4001.2206)
QuickBooks Pro 2012 (Version: 22.0.4001.2206)
QuickTime (Version: 7.71.80.42)
SigmaTel Audio (Version: 5.10.4350)
SmartSound Quicktracks for Premiere Elements 8.0 (Version: 3.11.3090)
Sony Image Data Suite (Version: 3.1.01.02251)
Spybot - Search & Destroy (Version: 1.6.2)
Suite Shared Configuration CS4 (Version: 1.0)
SupportSoft Assisted Service (Version: 15)
Topaz Adjust 3 (Version: 3.4)
Topaz Denoise 3 (Version: 3.0.1)
Topaz InFocus (Version: 1.0.0)
Topaz ReMask 3 (Version: 3.2.0)
Topaz Simplify 3 (Version: 3.0.2)
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB 2.0 Wireless LAN Card Utility (Version: 8.1.55)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (Version: 02/17/2009 2.04.16)
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04) (Version: 06/27/2007 2.02.04)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 3710.09 MB
Available physical RAM: 2523.6 MB
Total Pagefile: 5079.66 MB
Available Pagefile: 3912.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.07 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:461.75 GB) (Free:364.29 GB) NTFS
7 Drive i: (HD-CEU2) (Fixed) (Total:465.65 GB) (Free:30.52 GB) FAT32
8 Drive k: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:391.11 GB) NTFS
10 Drive v: (Storage 1) (Fixed) (Total:465.76 GB) (Free:3.92 GB) NTFS
11 Drive w: (V Backup) (Fixed) (Total:465.76 GB) (Free:53.58 GB) NTFS

========================= Users: ========================================

User accounts for \\J-JONES

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Tom Pablo

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini010210-01.dmp
C:\WINDOWS\Minidump\Mini010210-02.dmp
C:\WINDOWS\Minidump\Mini010210-03.dmp
C:\WINDOWS\Minidump\Mini010510-01.dmp
C:\WINDOWS\Minidump\Mini010510-02.dmp
C:\WINDOWS\Minidump\Mini012510-01.dmp
C:\WINDOWS\Minidump\Mini012710-01.dmp
C:\WINDOWS\Minidump\Mini012810-01.dmp
C:\WINDOWS\Minidump\Mini020110-01.dmp
C:\WINDOWS\Minidump\Mini020110-02.dmp
C:\WINDOWS\Minidump\Mini020210-01.dmp
C:\WINDOWS\Minidump\Mini020210-02.dmp
C:\WINDOWS\Minidump\Mini122710-01.dmp

**** End of log ****
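
A triage pass over the sections of a Result.txt like the one above, as an added example that is not part of the original thread and not MiniToolBox's own code. It flags a leftover ProxyServer value, hosts entries other than localhost, and Winsock providers that are not Microsoft DLLs under System32. The function names, the severity labels and the 203.0.113.10 hosts line are assumptions made for the illustration; the other sample lines are copied from the log in this post.

```python
import re

# Section headers look like "======== IE Proxy Settings: ========";
# lines made only of "=" are separators inside a section, not headers.
HEADER = re.compile(r"^=+ *([^=]+?):? *=+$")
# "Catalog5 04 C:\path\file.dll [121704] (Vendor)"
WINSOCK = re.compile(r"^(Catalog\d+) +(\d+) +(.+?) +\[(\d+)\] +\((.*)\)$")
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(text):
    """Map lower-cased section name -> list of non-empty lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_ie_proxy(lines):
    # Assumption: only the "Proxy is not enabled." wording seen in the
    # posted log marks the disabled state.
    disabled = any("proxy is not enabled" in l.lower() for l in lines)
    out = []
    for l in lines:
        if l.lower().startswith("proxyserver:"):
            server = l.split(":", 1)[1].strip()
            if server:
                # A stored server is inert while disabled, but worth
                # confirming with the user (old employer, VPN, ...).
                out.append(("ie proxy settings",
                            "info" if disabled else "review", server))
    return out


def check_hosts(lines):
    out = []
    for l in lines:
        parts = l.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], [n.lower() for n in parts[1:]]
        if ip in LOOPBACK and names == ["localhost"]:
            continue
        # Loopback entries are usually blocklists (e.g. immunization);
        # a routable address silently redirects the named host.
        out.append(("hosts content",
                    "info" if ip in LOOPBACK else "review", l))
    return out


def check_winsock(lines):
    out = []
    sys32 = "c:\\windows\\system32\\"
    for l in lines:
        m = WINSOCK.match(l)
        if not m:
            continue
        catalog, idx, path, _size, vendor = m.groups()
        # The vendor string comes from file metadata and can be forged,
        # so a hit means "look at this DLL", not "this is malicious".
        if vendor != "Microsoft Corporation" or not path.lower().startswith(sys32):
            out.append(("winsock entries", "review",
                        f"{catalog} {idx} {path} ({vendor})"))
    return out


def triage(text):
    s = split_sections(text)
    return (check_ie_proxy(s.get("ie proxy settings", []))
            + check_hosts(s.get("hosts content", []))
            + check_winsock(s.get("winsock entries", [])))


# Constructed sample: lines taken from the posted log, plus one
# made-up hosts entry (203.0.113.10, a documentation address).
SAMPLE = r"""
MiniToolBox by Farbar Version: 18-01-2012
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: stm-proxy.crefs.capital.ge.com:80

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.10 www.google.com

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

**** End of log ****
"""

if __name__ == "__main__":
    for section, severity, detail in triage(SAMPLE):
        print(f"[{severity:6}] {section}: {detail}")
```

On the lines actually posted, only the stored proxy server and the Bonjour namespace provider are reported; neither is a redirect mechanism by itself, which is consistent with the helper moving on to a rootkit scan.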

#4 vwgn

vwgn
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 24 March 2012 - 01:45 PM

TDSS reported no items found after scanning. Here is the log file:


13:35:47.0703 3712 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:35:48.0500 3712 ============================================================
13:35:48.0500 3712 Current date / time: 2012/03/24 13:35:48.0500
13:35:48.0500 3712 SystemInfo:
13:35:48.0500 3712
13:35:48.0500 3712 OS Version: 5.1.2600 ServicePack: 3.0
13:35:48.0500 3712 Product type: Workstation
13:35:48.0500 3712 ComputerName: J-JONES
13:35:48.0500 3712 UserName: Tom Pablo
13:35:48.0500 3712 Windows directory: C:\WINDOWS
13:35:48.0500 3712 System windows directory: C:\WINDOWS
13:35:48.0500 3712 Processor architecture: Intel x86
13:35:48.0500 3712 Number of processors: 2
13:35:48.0500 3712 Page size: 0x1000
13:35:48.0500 3712 Boot type: Normal boot
13:35:48.0500 3712 ============================================================
13:35:50.0781 3712 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:35:50.0796 3712 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:35:50.0812 3712 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:35:50.0812 3712 Drive \Device\Harddisk3\DR8 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:35:50.0843 3712 Drive \Device\Harddisk8\DR13 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:35:50.0843 3712 \Device\Harddisk0\DR0:
13:35:50.0843 3712 MBR used
13:35:50.0843 3712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x39B828B9
13:35:50.0843 3712 \Device\Harddisk1\DR1:
13:35:50.0843 3712 MBR used
13:35:50.0843 3712 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:35:50.0843 3712 \Device\Harddisk2\DR2:
13:35:50.0843 3712 MBR used
13:35:50.0843 3712 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:35:50.0843 3712 \Device\Harddisk3\DR8:
13:35:50.0843 3712 MBR used
13:35:50.0843 3712 \Device\Harddisk3\DR8\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
13:35:50.0843 3712 \Device\Harddisk8\DR13:
13:35:50.0843 3712 MBR used
13:35:50.0843 3712 \Device\Harddisk8\DR13\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
13:35:51.0109 3712 Initialize success
13:35:51.0109 3712 ============================================================
13:36:05.0234 1944 ============================================================
13:36:05.0234 1944 Scan started
13:36:05.0234 1944 Mode: Manual;
13:36:05.0234 1944 ============================================================
13:36:05.0750 1944 Abiosdsk - ok
13:36:05.0765 1944 abp480n5 - ok
13:36:05.0796 1944 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:36:05.0796 1944 ACPI - ok
13:36:05.0828 1944 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:36:05.0843 1944 ACPIEC - ok
13:36:05.0921 1944 adfs (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
13:36:05.0921 1944 adfs - ok
13:36:06.0046 1944 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
13:36:06.0046 1944 Adobe Version Cue CS4 - ok
13:36:06.0093 1944 adpu160m - ok
13:36:06.0140 1944 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:36:06.0140 1944 aec - ok
13:36:06.0171 1944 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:36:06.0171 1944 AegisP - ok
13:36:06.0265 1944 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:36:06.0281 1944 AFD - ok
13:36:06.0281 1944 Aha154x - ok
13:36:06.0296 1944 aic78u2 - ok
13:36:06.0296 1944 aic78xx - ok
13:36:06.0343 1944 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:36:06.0343 1944 Alerter - ok
13:36:06.0390 1944 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:36:06.0390 1944 ALG - ok
13:36:06.0390 1944 AliIde - ok
13:36:06.0406 1944 amsint - ok
13:36:06.0500 1944 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:36:06.0500 1944 Apple Mobile Device - ok
13:36:06.0578 1944 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:36:06.0593 1944 AppMgmt - ok
13:36:06.0593 1944 asc - ok
13:36:06.0609 1944 asc3350p - ok
13:36:06.0609 1944 asc3550 - ok
13:36:06.0703 1944 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:36:06.0703 1944 aspnet_state - ok
13:36:06.0781 1944 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:36:06.0781 1944 AsyncMac - ok
13:36:06.0796 1944 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:36:06.0796 1944 atapi - ok
13:36:06.0812 1944 Atdisk - ok
13:36:06.0859 1944 Ati HotKey Poller (68ccf9573df16bce2236e07c430e607d) C:\WINDOWS\system32\Ati2evxx.exe
13:36:06.0859 1944 Ati HotKey Poller - ok
13:36:06.0937 1944 ATI Smart (5b8e2189d5fe9ed9b94e2249eb358a8a) C:\WINDOWS\system32\ati2sgag.exe
13:36:06.0937 1944 ATI Smart - ok
13:36:06.0984 1944 ati2mtag (5b9320783e76a46ef97734f113a82ad8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:36:07.0000 1944 ati2mtag - ok
13:36:07.0015 1944 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:36:07.0015 1944 Atmarpc - ok
13:36:07.0109 1944 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:36:07.0109 1944 AudioSrv - ok
13:36:07.0156 1944 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:36:07.0156 1944 audstub - ok
13:36:07.0203 1944 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:36:07.0203 1944 Beep - ok
13:36:07.0421 1944 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
13:36:07.0437 1944 BHDrvx86 - ok
13:36:07.0546 1944 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:36:07.0562 1944 BITS - ok
13:36:07.0640 1944 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:36:07.0656 1944 Bonjour Service - ok
13:36:07.0734 1944 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:36:07.0734 1944 Browser - ok
13:36:07.0765 1944 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:36:07.0765 1944 cbidf2k - ok
13:36:07.0828 1944 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NIS\1306020.00A\ccSetx86.sys
13:36:07.0843 1944 ccSet_NIS - ok
13:36:07.0890 1944 cd20xrnt - ok
13:36:07.0906 1944 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:36:07.0906 1944 Cdaudio - ok
13:36:07.0968 1944 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:36:07.0968 1944 Cdfs - ok
13:36:08.0109 1944 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:36:08.0109 1944 Cdrom - ok
13:36:08.0250 1944 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
13:36:08.0250 1944 cercsr6 - ok
13:36:08.0265 1944 Changer - ok
13:36:08.0296 1944 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:36:08.0296 1944 CiSvc - ok
13:36:08.0328 1944 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:36:08.0328 1944 ClipSrv - ok
13:36:08.0468 1944 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:08.0468 1944 clr_optimization_v2.0.50727_32 - ok
13:36:08.0562 1944 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:08.0609 1944 clr_optimization_v4.0.30319_32 - ok
13:36:08.0656 1944 CmdIde - ok
13:36:08.0656 1944 COMSysApp - ok
13:36:08.0671 1944 Cpqarray - ok
13:36:08.0703 1944 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:36:08.0718 1944 CryptSvc - ok
13:36:08.0734 1944 dac2w2k - ok
13:36:08.0750 1944 dac960nt - ok
13:36:08.0812 1944 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:36:08.0812 1944 DcomLaunch - ok
13:36:08.0890 1944 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:36:08.0890 1944 Dhcp - ok
13:36:08.0906 1944 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:36:08.0906 1944 Disk - ok
13:36:08.0906 1944 dmadmin - ok
13:36:08.0953 1944 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:36:08.0953 1944 dmboot - ok
13:36:09.0078 1944 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:36:09.0078 1944 dmio - ok
13:36:09.0125 1944 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:36:09.0125 1944 dmload - ok
13:36:09.0140 1944 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:36:09.0140 1944 dmserver - ok
13:36:09.0156 1944 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:36:09.0156 1944 DMusic - ok
13:36:09.0203 1944 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:36:09.0218 1944 Dnscache - ok
13:36:09.0265 1944 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:36:09.0265 1944 Dot3svc - ok
13:36:09.0296 1944 dpti2o - ok
13:36:09.0359 1944 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:36:09.0359 1944 drmkaud - ok
13:36:09.0421 1944 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:36:09.0421 1944 E100B - ok
13:36:09.0515 1944 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:36:09.0515 1944 e1express - ok
13:36:09.0546 1944 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:36:09.0546 1944 EapHost - ok
13:36:09.0625 1944 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:36:09.0625 1944 eeCtrl - ok
13:36:09.0750 1944 EPSON_EB_RPCV4_01 (ec6a73cd8413f68655e5e0b99c415a21) C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
13:36:09.0750 1944 EPSON_EB_RPCV4_01 - ok
13:36:09.0765 1944 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
13:36:09.0765 1944 EPSON_PM_RPCV4_01 - ok
13:36:09.0859 1944 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:36:09.0859 1944 EraserUtilRebootDrv - ok
13:36:09.0937 1944 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:36:09.0937 1944 ERSvc - ok
13:36:10.0046 1944 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:36:10.0046 1944 Eventlog - ok
13:36:10.0062 1944 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:36:10.0078 1944 EventSystem - ok
13:36:10.0109 1944 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:36:10.0109 1944 Fastfat - ok
13:36:10.0203 1944 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:36:10.0203 1944 FastUserSwitchingCompatibility - ok
13:36:10.0265 1944 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:36:10.0265 1944 Fdc - ok
13:36:10.0328 1944 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:36:10.0328 1944 Fips - ok
13:36:10.0453 1944 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:36:10.0453 1944 FLEXnet Licensing Service - ok
13:36:10.0593 1944 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:36:10.0593 1944 Flpydisk - ok
13:36:10.0609 1944 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:36:10.0609 1944 FltMgr - ok
13:36:10.0687 1944 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:36:10.0687 1944 FontCache3.0.0.0 - ok
13:36:10.0734 1944 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:36:10.0734 1944 Fs_Rec - ok
13:36:10.0781 1944 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\WINDOWS\system32\drivers\ftdibus.sys
13:36:10.0781 1944 FTDIBUS - ok
13:36:10.0812 1944 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:36:10.0812 1944 Ftdisk - ok
13:36:10.0906 1944 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\WINDOWS\system32\drivers\ftser2k.sys
13:36:10.0906 1944 FTSER2K - ok
13:36:10.0937 1944 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:36:10.0937 1944 GEARAspiWDM - ok
13:36:11.0015 1944 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:36:11.0015 1944 Gpc - ok
13:36:11.0125 1944 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:36:11.0125 1944 HDAudBus - ok
13:36:11.0187 1944 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:36:11.0187 1944 helpsvc - ok
13:36:11.0250 1944 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:36:11.0250 1944 HidServ - ok
13:36:11.0296 1944 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:36:11.0296 1944 hidusb - ok
13:36:11.0343 1944 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:36:11.0359 1944 hkmsvc - ok
13:36:11.0359 1944 hpn - ok
13:36:11.0406 1944 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:36:11.0406 1944 HTTP - ok
13:36:11.0484 1944 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:36:11.0484 1944 HTTPFilter - ok
13:36:11.0500 1944 i2omgmt - ok
13:36:11.0500 1944 i2omp - ok
13:36:11.0546 1944 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
13:36:11.0546 1944 i8042prt - ok
13:36:11.0640 1944 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
13:36:11.0640 1944 iastor - ok
13:36:11.0734 1944 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:36:11.0750 1944 idsvc - ok
13:36:11.0953 1944 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120323.002\IDSxpx86.sys
13:36:11.0968 1944 IDSxpx86 - ok
13:36:12.0093 1944 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:36:12.0093 1944 Imapi - ok
13:36:12.0156 1944 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:36:12.0156 1944 ImapiService - ok
13:36:12.0187 1944 ini910u - ok
13:36:12.0203 1944 IntelIde - ok
13:36:12.0218 1944 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:36:12.0218 1944 intelppm - ok
13:36:12.0250 1944 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:36:12.0250 1944 Ip6Fw - ok
13:36:12.0343 1944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:36:12.0343 1944 IpFilterDriver - ok
13:36:12.0359 1944 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:36:12.0359 1944 IpInIp - ok
13:36:12.0406 1944 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:36:12.0406 1944 IpNat - ok
13:36:12.0484 1944 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
13:36:12.0500 1944 iPod Service - ok
13:36:12.0593 1944 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:36:12.0593 1944 IPSec - ok
13:36:12.0640 1944 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:36:12.0640 1944 IRENUM - ok
13:36:12.0671 1944 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:36:12.0671 1944 isapnp - ok
13:36:12.0781 1944 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
13:36:12.0781 1944 JavaQuickStarterService - ok
13:36:12.0828 1944 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:36:12.0828 1944 Kbdclass - ok
13:36:12.0921 1944 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:36:12.0921 1944 kbdhid - ok
13:36:12.0968 1944 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:36:12.0968 1944 kmixer - ok
13:36:13.0015 1944 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:36:13.0015 1944 KSecDD - ok
13:36:13.0109 1944 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:36:13.0109 1944 lanmanserver - ok
13:36:13.0125 1944 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:36:13.0125 1944 lanmanworkstation - ok
13:36:13.0250 1944 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
13:36:13.0281 1944 Lavasoft Ad-Aware Service - ok
13:36:13.0343 1944 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
13:36:13.0343 1944 Lavasoft Kernexplorer - ok
13:36:13.0421 1944 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
13:36:13.0421 1944 Lbd - ok
13:36:13.0437 1944 lbrtfdc - ok
13:36:13.0484 1944 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:36:13.0484 1944 LmHosts - ok
13:36:13.0562 1944 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:36:13.0562 1944 Messenger - ok
13:36:13.0609 1944 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:36:13.0609 1944 mnmdd - ok
13:36:13.0671 1944 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:36:13.0671 1944 mnmsrvc - ok
13:36:13.0718 1944 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:36:13.0718 1944 Modem - ok
13:36:13.0828 1944 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:36:13.0828 1944 Mouclass - ok
13:36:13.0859 1944 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:36:13.0875 1944 mouhid - ok
13:36:13.0890 1944 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:36:13.0890 1944 MountMgr - ok
13:36:13.0890 1944 mraid35x - ok
13:36:13.0906 1944 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:36:13.0906 1944 MRxDAV - ok
13:36:13.0937 1944 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:36:13.0937 1944 MRxSmb - ok
13:36:14.0000 1944 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:36:14.0000 1944 MSDTC - ok
13:36:14.0078 1944 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:36:14.0078 1944 Msfs - ok
13:36:14.0093 1944 MSIServer - ok
13:36:14.0125 1944 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:36:14.0125 1944 MSKSSRV - ok
13:36:14.0125 1944 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:36:14.0125 1944 MSPCLOCK - ok
13:36:14.0203 1944 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:36:14.0203 1944 MSPQM - ok
13:36:14.0234 1944 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:36:14.0234 1944 mssmbios - ok
13:36:14.0281 1944 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:36:14.0281 1944 Mup - ok
13:36:14.0375 1944 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:36:14.0375 1944 napagent - ok
13:36:14.0593 1944 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120323.023\NAVENG.SYS
13:36:14.0593 1944 NAVENG - ok
13:36:14.0656 1944 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120323.023\NAVEX15.SYS
13:36:14.0671 1944 NAVEX15 - ok
13:36:14.0750 1944 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:36:14.0765 1944 NDIS - ok
13:36:14.0796 1944 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:36:14.0796 1944 NdisTapi - ok
13:36:14.0890 1944 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:36:14.0890 1944 Ndisuio - ok
13:36:14.0906 1944 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:36:14.0906 1944 NdisWan - ok
13:36:14.0968 1944 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:36:14.0968 1944 NDProxy - ok
13:36:15.0046 1944 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:36:15.0046 1944 NetBIOS - ok
13:36:15.0140 1944 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:36:15.0156 1944 NetBT - ok
13:36:15.0203 1944 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:36:15.0218 1944 NetDDE - ok
13:36:15.0218 1944 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:36:15.0218 1944 NetDDEdsdm - ok
13:36:15.0265 1944 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:36:15.0265 1944 Netlogon - ok
13:36:15.0343 1944 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:36:15.0343 1944 Netman - ok
13:36:15.0468 1944 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:15.0468 1944 NetTcpPortSharing - ok
13:36:15.0656 1944 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
13:36:15.0656 1944 NIS - ok
13:36:15.0734 1944 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:36:15.0734 1944 Nla - ok
13:36:15.0781 1944 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:36:15.0781 1944 Npfs - ok
13:36:15.0796 1944 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:36:15.0796 1944 Ntfs - ok
13:36:15.0843 1944 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:36:15.0843 1944 NtLmSsp - ok
13:36:15.0921 1944 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:36:15.0921 1944 NtmsSvc - ok
13:36:15.0968 1944 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:36:15.0968 1944 Null - ok
13:36:16.0015 1944 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:36:16.0015 1944 NwlnkFlt - ok
13:36:16.0156 1944 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:36:16.0156 1944 NwlnkFwd - ok
13:36:16.0203 1944 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:36:16.0218 1944 Parport - ok
13:36:16.0265 1944 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:36:16.0265 1944 PartMgr - ok
13:36:16.0328 1944 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:36:16.0328 1944 ParVdm - ok
13:36:16.0359 1944 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:36:16.0359 1944 PCI - ok
13:36:16.0359 1944 PCIDump - ok
13:36:16.0390 1944 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:36:16.0390 1944 PCIIde - ok
13:36:16.0406 1944 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:36:16.0406 1944 Pcmcia - ok
13:36:16.0453 1944 PDCOMP - ok
13:36:16.0468 1944 PDFRAME - ok
13:36:16.0468 1944 PDRELI - ok
13:36:16.0484 1944 PDRFRAME - ok
13:36:16.0500 1944 perc2 - ok
13:36:16.0500 1944 perc2hib - ok
13:36:16.0562 1944 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:36:16.0562 1944 PlugPlay - ok
13:36:16.0640 1944 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:36:16.0640 1944 PolicyAgent - ok
13:36:16.0656 1944 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:36:16.0656 1944 PptpMiniport - ok
13:36:16.0703 1944 PRISMSVC (d5a9221f57656c99248d0b526e077bcf) C:\WINDOWS\system32\PRISMSVC.EXE
13:36:16.0703 1944 PRISMSVC - ok
13:36:16.0781 1944 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:36:16.0796 1944 ProtectedStorage - ok
13:36:16.0828 1944 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:36:16.0828 1944 PSched - ok
13:36:16.0843 1944 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:36:16.0843 1944 Ptilink - ok
13:36:16.0890 1944 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:36:16.0890 1944 PxHelp20 - ok
13:36:17.0015 1944 QBCFMonitorService (1431f734dcabc6edaa8791f067a144d9) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
13:36:17.0015 1944 QBCFMonitorService - ok
13:36:17.0062 1944 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
13:36:17.0062 1944 QBFCService - ok
13:36:17.0109 1944 QBVSS (25fc19badf78b7fb1d835aac4b0b91a5) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
13:36:17.0125 1944 QBVSS - ok
13:36:17.0187 1944 ql1080 - ok
13:36:17.0187 1944 Ql10wnt - ok
13:36:17.0203 1944 ql12160 - ok
13:36:17.0203 1944 ql1240 - ok
13:36:17.0218 1944 ql1280 - ok
13:36:17.0234 1944 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:36:17.0234 1944 RasAcd - ok
13:36:17.0265 1944 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:36:17.0265 1944 RasAuto - ok
13:36:17.0406 1944 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:36:17.0406 1944 Rasl2tp - ok
13:36:17.0453 1944 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:36:17.0453 1944 RasMan - ok
13:36:17.0515 1944 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:36:17.0515 1944 RasPppoe - ok
13:36:17.0531 1944 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:36:17.0531 1944 Raspti - ok
13:36:17.0562 1944 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:36:17.0578 1944 Rdbss - ok
13:36:17.0593 1944 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:36:17.0593 1944 RDPCDD - ok
13:36:17.0671 1944 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:36:17.0671 1944 rdpdr - ok
13:36:17.0734 1944 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:36:17.0734 1944 RDPWD - ok
13:36:17.0796 1944 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:36:17.0796 1944 RDSessMgr - ok
13:36:17.0843 1944 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:36:17.0843 1944 redbook - ok
13:36:17.0906 1944 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:36:17.0921 1944 RemoteAccess - ok
13:36:18.0015 1944 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:36:18.0015 1944 RemoteRegistry - ok
13:36:18.0062 1944 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:36:18.0062 1944 RpcLocator - ok
13:36:18.0140 1944 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:36:18.0156 1944 RpcSs - ok
13:36:18.0203 1944 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:36:18.0203 1944 RSVP - ok
13:36:18.0265 1944 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:36:18.0281 1944 SamSs - ok
13:36:18.0359 1944 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:36:18.0359 1944 SCardSvr - ok
13:36:18.0390 1944 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:36:18.0390 1944 Schedule - ok
13:36:18.0453 1944 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:36:18.0453 1944 Secdrv - ok
13:36:18.0500 1944 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:36:18.0500 1944 seclogon - ok
13:36:18.0515 1944 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:36:18.0515 1944 SENS - ok
13:36:18.0515 1944 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:36:18.0515 1944 Serenum - ok
13:36:18.0546 1944 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:36:18.0546 1944 Serial - ok
13:36:18.0640 1944 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:36:18.0640 1944 Sfloppy - ok
13:36:18.0687 1944 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:36:18.0687 1944 SharedAccess - ok
13:36:18.0734 1944 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:36:18.0734 1944 ShellHWDetection - ok
13:36:18.0812 1944 Simbad - ok
13:36:18.0828 1944 Sparrow - ok
13:36:18.0875 1944 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:36:18.0875 1944 splitter - ok
13:36:18.0906 1944 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:36:18.0906 1944 Spooler - ok
13:36:18.0921 1944 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:36:18.0921 1944 sr - ok
13:36:19.0000 1944 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:36:19.0000 1944 srservice - ok
13:36:19.0078 1944 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NIS\1306010.008\SRTSP.SYS
13:36:19.0093 1944 SRTSP - ok
13:36:19.0234 1944 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NIS\1306020.00A\SRTSPX.SYS
13:36:19.0234 1944 SRTSPX - ok
13:36:19.0281 1944 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:36:19.0281 1944 Srv - ok
13:36:19.0406 1944 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:36:19.0406 1944 SSDPSRV - ok
13:36:19.0437 1944 STHDA (6b14c6e98f752ebbab24a4e0bd0f3a24) C:\WINDOWS\system32\drivers\sthda.sys
13:36:19.0453 1944 STHDA - ok
13:36:19.0515 1944 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:36:19.0515 1944 stisvc - ok
13:36:19.0578 1944 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:36:19.0578 1944 swenum - ok
13:36:19.0625 1944 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:36:19.0625 1944 swmidi - ok
13:36:19.0625 1944 SwPrv - ok
13:36:19.0640 1944 symc810 - ok
13:36:19.0640 1944 symc8xx - ok
13:36:19.0734 1944 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NIS\1306020.00A\SYMDS.SYS
13:36:19.0734 1944 SymDS - ok
13:36:19.0890 1944 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NIS\1306020.00A\SYMEFA.SYS
13:36:19.0890 1944 SymEFA - ok
13:36:20.0046 1944 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:36:20.0046 1944 SymEvent - ok
13:36:23.0531 1944 ============================================================
13:36:23.0531 1944 Scan finished
13:36:23.0531 1944 ============================================================
13:36:23.0531 4040 Detected object count: 0
13:36:23.0531 4040 Actual detected object count: 0

#5 vwgn


Posted 24 March 2012 - 01:46 PM

Immediately after running these tools, I opened Firefox, did a Google search and was redirected to gimmie answers com website by clicking on any link in the search results.

#6 dev00790


Posted 24 March 2012 - 02:38 PM

edited: alternate instructions:

Does the redirect happen in browsers other than Firefox, or only in Firefox?

Edited by dev00790, 24 March 2012 - 02:46 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#7 vwgn


Posted 25 March 2012 - 03:45 PM

edited: alternate instructions:

Does the redirect happen in browsers other than Firefox, or only in Firefox?


Only in Firefox. I downloaded Google Chrome after several attempts to remove this and failed. I had read in my search that Chrome is immune to most browser hijacks, so I thought I'd try it. I have not had a redirect in Chrome yet. I only use IE8 about once every 2 weeks to FTP some stuff to an online server for work. I tried it today and no redirect in IE either.

Do you think this is something inside Firefox and not really a virus or system infection?

#8 dev00790


Posted 25 March 2012 - 04:25 PM

Hi vwgn,

Ok thanks.

Do you think this is something inside Firefox and not really a virus or system infection?

Possibly. Too early to say currently.

Please do the following:

Step 1

Please download GooredFix from one of the locations below and save it to your Desktop:
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear.
  • Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Regards, dev00790



#9 vwgn


Posted 27 March 2012 - 11:26 AM

Log/data from Goored scan:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:25 on 27/03/2012 (Tom Pablo)
Firefox version 11.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:48 14/03/2012]
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [03:03 16/03/2012]

C:\Documents and Settings\Tom Pablo\Application Data\Mozilla\Firefox\Profiles\h50oieqy.default\extensions\
support@ancestry.com [03:13 13/03/2011]
{20a82645-c095-46ed-80e3-08825760534b} [12:23 27/04/2010]
{c1dffba0-628e-11d9-9669-0800200c9a66} [16:06 20/02/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:42 02/01/2010]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\" [04:17 11/03/2012]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\" [15:42 22/03/2012]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:02 16/03/2012]

-=E.O.F=-
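
As an added example (not part of the thread, and not GooredFix's own code), a small Python parser for the log format posted above: it inventories the extensions by location, lists the ones that changed in the 30 days before the log was taken, and lists the IDs that exist only as registry registrations. The function names and the 30-day window are assumptions chosen for illustration; a recent timestamp is a lead for review, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the GooredFix log posted above (the two Norton registry entries are left out).
SAMPLE_LOG = r"""Log created at 11:25 on 27/03/2012 (Tom Pablo)
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:48 14/03/2012]
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [03:03 16/03/2012]
C:\Documents and Settings\Tom Pablo\Application Data\Mozilla\Firefox\Profiles\h50oieqy.default\extensions\
support@ancestry.com [03:13 13/03/2011]
{20a82645-c095-46ed-80e3-08825760534b} [12:23 27/04/2010]
{c1dffba0-628e-11d9-9669-0800200c9a66} [16:06 20/02/2012]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:42 02/01/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:02 16/03/2012]
"""
FMT = "%H:%M %d/%m/%Y"  # day-first dates, as in the log header
STAMP = re.compile(r"^(?P<body>.+?) \[(?P<ts>\d\d:\d\d \d\d/\d\d/\d{4})\]$")
REG_ENTRY = re.compile(r'^"(?P<id>[^"]+)"="(?P<path>.*)"$')
CREATED = re.compile(r"^Log created at (\d\d:\d\d) on (\d\d/\d\d/\d{4})")

def parse_goored_log(text):
    """Return (log_time, entries); an entry has source, id, path and modified."""
    log_time, source, entries = None, None, []
    for line in (raw.strip() for raw in text.splitlines()):
        made = CREATED.match(line)
        if made:
            log_time = datetime.strptime(" ".join(made.groups()), FMT)
        elif line.startswith("[HKEY_") or line.lower().endswith("\\extensions\\"):
            source = line.strip("[]")  # a registry key or a folder listing starts here
        else:
            m = STAMP.match(line)
            if m and source:  # anything else is a banner, blank or unrecognised line
                reg = REG_ENTRY.match(m["body"])
                ext_id, path = (reg["id"], reg["path"]) if reg else (m["body"], source + m["body"])
                entries.append({"source": source, "id": ext_id, "path": path,
                                "modified": datetime.strptime(m["ts"], FMT)})
    return log_time, entries

def recent_changes(log_time, entries, days=30):
    """Entries modified within `days` before the log was taken, newest first."""
    cutoff = log_time - timedelta(days=days)
    hits = [e for e in entries if e["modified"] >= cutoff]
    return sorted(hits, key=lambda e: e["modified"], reverse=True)

def registry_only(entries):
    """IDs registered under the registry key but present in neither extensions folder."""
    on_disk = {e["id"].lower() for e in entries if not e["source"].startswith("HKEY_")}
    return sorted({e["id"] for e in entries
                   if e["source"].startswith("HKEY_") and e["id"].lower() not in on_disk})

if __name__ == "__main__":
    when, found = parse_goored_log(SAMPLE_LOG)
    print([e["id"] for e in recent_changes(when, found)], registry_only(found))
```

Registry-registered extensions load from a path outside the Firefox profile, so each path `registry_only` reports has to be reviewed on disk separately from the two extensions folders.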

#10 dev00790


Posted 29 March 2012 - 01:22 PM

Hi

Please follow step 8 of the preparation guide here, and post the log in your reply.
If GMER crashes please give details along with any error message if applicable.

Regards, dev00790



#11 dev00790


Posted 30 March 2012 - 05:33 AM

Hi vwgn,

In addition to the GMER scan, please try the below and let me know if the redirects are present after this.

To disable all of Firefox's add-ons, you have to open the browser in its Safe Mode (no relation to Windows' own Safe Mode) by clicking Start > All Programs > Mozilla Firefox > Mozilla Firefox (Safe Mode). A quicker way is to press the Windows key (in XP, follow this by pressing R), type Firefox -safe-mode, and press Enter.


Disable all add-ons in Firefox by starting the browser in Safe Mode and selecting the "Disable" option.

(Credit: Mozilla)

In the Firefox Safe Mode dialog box that appears before Firefox opens, click "Disable all add-ons" and choose the Make Changes and Restart button to run the browser with no add-ons or extensions enabled.


Edited by dev00790, 30 March 2012 - 05:33 AM.

Regards, dev00790



#12 vwgn


Posted 30 March 2012 - 10:16 AM

Before running GMER, I verified redirect was present. GMER ran for almost 9 hours! Then it crashed the computer and I had a blue screen, with no text, all functions locked up. I force rebooted with power button. No log file etc. I did the FF safe mode like you said, and redirect is gone. If I just delete Firefox, do you think it will remove this? I am happy with Chrome since downloading it and really haven't missed Firefox.

#13 dev00790


Posted 30 March 2012 - 04:23 PM

Hi

Step 1

Ok let's uninstall Firefox first, then please download & run SecurityCheck

Uninstall Programs
  • Click the "Windows Orb" Start button on your desktop
  • Type "control" in the search box and press enter
  • Double click "Programs and Features" (Vista / Win7) or "Add / Remove Programs" (Win XP)
  • Please uninstall the following programs:
    Firefox
  • After the programs have been uninstalled, make sure you restart the computer.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the on-screen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3

Please download Farbar Service Scanner to your Desktop and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 4
How is your computer running now?

Regards, dev00790



#14 dev00790


Posted 05 April 2012 - 06:55 PM

Hi vwgn,

Are you still with me?

Regards, dev00790
