Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google search redirect problem


  • This topic is locked This topic is locked
24 replies to this topic

#1 lighthouse784

lighthouse784

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 08 June 2012 - 03:35 AM

Unfortunately my Google searches are being redirected to other sites like click.get-answers-fast and vivofind. I'm running Windows XP (SP3) and the problem is apparently in both Chrome and Firefox. In attempt to fix the problem, I have tried the following failed solutions sequentially while in Safe-mode with Networking: 1)Rkill 2)TDSSkiller 3)Malwarebytes' Anti-Malware (full scan) 4)HitmanPro36 5)ESET 6) reset router. Also, I currently use avast! antivirus. Would appreciate any help. Thank you for your time.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Jason at 23:57:04 on 2012-06-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.236 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\jason\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [<NO NAME>]
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TDispVol] TDispVol.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TAccessibility] c:\program files\toshiba\accessibility\TAccessibility.exe Instant
mRun: [TPSMain] TPSMain.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRunOnce: [aswAhAScr.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\asOutExt.dll"
mRunOnce: [aswaswOtl.dll] "c:\program files\alwil software\avast5\aswregsvr.exe" "c:\program files\alwil software\avast5\aswOtl.dll"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: motive.com\patttbc.att
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{46F4E4A9-5DAC-4BBC-A9B7-5A33B294ACDB} : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason\application data\mozilla\firefox\profiles\vbtfrses.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jason\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jason\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\jason\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-8-21 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 6528]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-8 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-14 337880]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-14 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-20 44768]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [2009-7-27 48176]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-6 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-6-7 27424]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-4-6 164864]
S3 RtsUIR;Realtek IR Driver; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-07 15:18:11 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-06-07 15:18:11 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-07 15:18:11 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-06-07 15:18:11 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-06-07 15:18:11 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-06-07 15:18:11 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-06-07 15:18:11 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-06-07 15:18:08 -------- d-----w- c:\program files\Trojan Remover
2012-06-07 15:18:08 -------- d-----w- c:\documents and settings\jason\application data\Simply Super Software
2012-06-07 15:18:08 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-06-07 13:40:33 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-07 13:39:55 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-05-28 07:27:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 07:27:59 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 23:59:38.12 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 08 June 2012 - 11:46 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 09 June 2012 - 01:05 AM

Hey Gringo, thanks for the response. Below you will find both my logs for Security Check and for Combofix. The Google redirect problem persists after running both programs. Any help would be appreciated, thanks!



Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Trojan Remover 6.8.3
Malwarebytes Anti-Malware version 1.61.0.1400
Auslogics Registry Cleaner
Java™ 6 Update 20
Java™ 6 Update 16
Java version out of date!
Adobe Flash Player 9 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (6.0.2)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````




ComboFix 12-06-08.02 - Jason 06/08/2012 22:39:09.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.571 [GMT -7:00]
Running from: c:\documents and settings\Jason\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\xp
c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\vbtfrses.default\searchplugins\bing-zugo.xml
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\dasetup.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-07 15:18 . 2010-10-24 14:06 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-06-07 15:18 . 2010-10-24 14:06 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-06-07 15:18 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-06-07 15:18 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-06-07 15:18 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-06-07 15:18 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-06-07 15:18 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-07 15:18 . 2012-06-07 15:18 -------- d-----w- c:\program files\Trojan Remover
2012-06-07 15:18 . 2012-06-07 15:18 -------- d-----w- c:\documents and settings\Jason\Application Data\Simply Super Software
2012-06-07 15:18 . 2012-06-07 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2012-06-07 13:40 . 2012-06-07 13:47 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-07 13:39 . 2012-06-07 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-07 08:11 . 2012-06-07 08:11 -------- d-----w- c:\documents and settings\Administrator.J
2012-05-28 07:27 . 2012-05-28 07:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2009-04-06 19:46 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 07:27 . 2011-06-16 19:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-04-06 19:48 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2010-12-29 01:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2011-09-03 06:01 . 2011-09-07 03:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-20 83336]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-13 17531392]
"NDSTray.exe"="NDSTray.exe" [BU]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-02 210232]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"TPSMain"="TPSMain.exe" [2009-03-17 283960]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-05-14 1266448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2009-07-27 19:37 424496 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-06 05:57 136176 ----atw- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-06 19:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 07:18 202256 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 10:35 AM 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 10:14 AM 6528]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/8/2011 5:21 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2009 5:30 PM 337880]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 12:45 PM 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/14/2009 5:30 PM 20696]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 12:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 12:15 PM 134016]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [7/27/2009 1:22 AM 48176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 6:37 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/28/2012 12:27 AM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/6/2009 12:08 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 6:37 PM 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [6/7/2012 6:40 AM 27424]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/6/2009 12:09 PM 164864]
S3 RtsUIR;Realtek IR Driver; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 07:27]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 01:37]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 01:37]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-338281255-2323983354-2928877906-1005Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 05:57]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-338281255-2323983354-2928877906-1005UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 05:57]
.
2012-06-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-338281255-2323983354-2928877906-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2012-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-338281255-2323983354-2928877906-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2012-06-08 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-23 01:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\vbtfrses.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-08 22:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-08 22:55:11
ComboFix-quarantined-files.txt 2012-06-09 05:55
.
Pre-Run: 83,417,014,272 bytes free
Post-Run: 84,709,916,672 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 28A2F3F5EF188A28BB0BE820A4E9EE79

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 09 June 2012 - 03:29 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 09 June 2012 - 06:47 PM

Hey Gringo, I was able to run TDSkiller but not aswMBR. Midway through running aswMBR, a blue screen would appear and my computer would restart. This happened on multiple attempts and I was unable to generate a log. Below I've posted the report from TDSkiller. Google redirect problem still persists. Thank you for your time.


08:28:59.0296 3148 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:28:59.0828 3148 ============================================================
08:28:59.0828 3148 Current date / time: 2012/06/09 08:28:59.0828
08:28:59.0828 3148 SystemInfo:
08:28:59.0828 3148
08:28:59.0828 3148 OS Version: 5.1.2600 ServicePack: 3.0
08:28:59.0828 3148 Product type: Workstation
08:28:59.0828 3148 ComputerName: J
08:28:59.0843 3148 UserName: Jason
08:28:59.0843 3148 Windows directory: C:\WINDOWS
08:28:59.0843 3148 System windows directory: C:\WINDOWS
08:28:59.0843 3148 Processor architecture: Intel x86
08:28:59.0843 3148 Number of processors: 2
08:28:59.0843 3148 Page size: 0x1000
08:28:59.0843 3148 Boot type: Normal boot
08:28:59.0843 3148 ============================================================
08:29:01.0109 3148 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:29:01.0109 3148 ============================================================
08:29:01.0109 3148 \Device\Harddisk0\DR0:
08:29:01.0109 3148 MBR partitions:
08:29:01.0109 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11B18E6F
08:29:01.0109 3148 ============================================================
08:29:01.0140 3148 C: <-> \Device\Harddisk0\DR0\Partition0
08:29:01.0140 3148 ============================================================
08:29:01.0140 3148 Initialize success
08:29:01.0140 3148 ============================================================
08:29:03.0609 2036 ============================================================
08:29:03.0609 2036 Scan started
08:29:03.0609 2036 Mode: Manual;
08:29:03.0609 2036 ============================================================
08:29:05.0703 2036 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:29:05.0703 2036 Aavmker4 - ok
08:29:05.0718 2036 Abiosdsk - ok
08:29:05.0734 2036 abp480n5 - ok
08:29:05.0796 2036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:29:05.0812 2036 ACPI - ok
08:29:05.0812 2036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:29:05.0812 2036 ACPIEC - ok
08:29:05.0890 2036 ACS (75265152c2a2d1cbd2df180d63081d01) C:\WINDOWS\system32\acs.exe
08:29:05.0906 2036 ACS - ok
08:29:05.0984 2036 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:29:06.0000 2036 AdobeFlashPlayerUpdateSvc - ok
08:29:06.0000 2036 adpu160m - ok
08:29:06.0062 2036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:29:06.0062 2036 aec - ok
08:29:06.0125 2036 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:29:06.0125 2036 AFD - ok
08:29:06.0125 2036 Aha154x - ok
08:29:06.0140 2036 aic78u2 - ok
08:29:06.0156 2036 aic78xx - ok
08:29:06.0203 2036 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:29:06.0203 2036 Alerter - ok
08:29:06.0234 2036 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:29:06.0250 2036 ALG - ok
08:29:06.0265 2036 AliIde - ok
08:29:06.0406 2036 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
08:29:06.0484 2036 Ambfilt - ok
08:29:06.0593 2036 amsint - ok
08:29:06.0625 2036 ApfiltrService (95116e2bcfaf5a36af0369050e92b9a5) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
08:29:06.0640 2036 ApfiltrService - ok
08:29:06.0796 2036 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:29:06.0812 2036 Apple Mobile Device - ok
08:29:06.0812 2036 AppMgmt - ok
08:29:07.0046 2036 AR5416 (864160f5f4fbdd97b6a686854bfebd86) C:\WINDOWS\system32\DRIVERS\athw.sys
08:29:07.0078 2036 AR5416 - ok
08:29:07.0437 2036 asc - ok
08:29:07.0437 2036 asc3350p - ok
08:29:07.0453 2036 asc3550 - ok
08:29:07.0546 2036 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:29:07.0578 2036 aspnet_state - ok
08:29:07.0609 2036 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:29:07.0609 2036 aswFsBlk - ok
08:29:07.0625 2036 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
08:29:07.0625 2036 aswMon2 - ok
08:29:07.0656 2036 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
08:29:07.0656 2036 aswRdr - ok
08:29:07.0718 2036 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
08:29:07.0734 2036 aswSnx - ok
08:29:07.0781 2036 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
08:29:07.0796 2036 aswSP - ok
08:29:07.0812 2036 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
08:29:07.0828 2036 aswTdi - ok
08:29:07.0859 2036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:29:07.0859 2036 AsyncMac - ok
08:29:07.0890 2036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:29:07.0890 2036 atapi - ok
08:29:07.0906 2036 Atdisk - ok
08:29:07.0953 2036 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:29:07.0953 2036 Atmarpc - ok
08:29:07.0984 2036 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:29:08.0000 2036 AudioSrv - ok
08:29:08.0046 2036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:29:08.0046 2036 audstub - ok
08:29:08.0156 2036 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
08:29:08.0156 2036 avast! Antivirus - ok
08:29:08.0203 2036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:29:08.0203 2036 Beep - ok
08:29:08.0296 2036 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:29:08.0437 2036 BITS - ok
08:29:08.0531 2036 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:29:08.0546 2036 Bonjour Service - ok
08:29:08.0578 2036 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:29:08.0578 2036 Browser - ok
08:29:08.0703 2036 catchme - ok
08:29:08.0750 2036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:29:08.0750 2036 cbidf2k - ok
08:29:08.0750 2036 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:29:08.0765 2036 CCDECODE - ok
08:29:08.0765 2036 cd20xrnt - ok
08:29:08.0796 2036 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:29:08.0796 2036 Cdaudio - ok
08:29:08.0828 2036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:29:08.0828 2036 Cdfs - ok
08:29:08.0859 2036 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:29:08.0859 2036 Cdrom - ok
08:29:08.0906 2036 cecnuvc (8f71e5e7b51450a11ab4530d6b3d5574) C:\WINDOWS\system32\Drivers\cec_uvc.sys
08:29:08.0906 2036 cecnuvc - ok
08:29:08.0968 2036 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
08:29:08.0968 2036 CFSvcs - ok
08:29:08.0984 2036 Changer - ok
08:29:09.0031 2036 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:29:09.0031 2036 CiSvc - ok
08:29:09.0093 2036 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:29:09.0093 2036 ClipSrv - ok
08:29:09.0343 2036 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:29:09.0437 2036 clr_optimization_v2.0.50727_32 - ok
08:29:09.0531 2036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:29:09.0531 2036 clr_optimization_v4.0.30319_32 - ok
08:29:09.0562 2036 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:29:09.0562 2036 CmBatt - ok
08:29:09.0562 2036 CmdIde - ok
08:29:09.0609 2036 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:29:09.0609 2036 Compbatt - ok
08:29:09.0625 2036 COMSysApp - ok
08:29:09.0640 2036 Cpqarray - ok
08:29:09.0687 2036 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:29:09.0687 2036 CryptSvc - ok
08:29:09.0687 2036 dac2w2k - ok
08:29:09.0703 2036 dac960nt - ok
08:29:09.0765 2036 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:29:09.0781 2036 DcomLaunch - ok
08:29:09.0812 2036 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:29:09.0812 2036 Dhcp - ok
08:29:09.0859 2036 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:29:09.0859 2036 Disk - ok
08:29:09.0859 2036 dmadmin - ok
08:29:09.0937 2036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:29:09.0953 2036 dmboot - ok
08:29:09.0984 2036 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:29:09.0984 2036 dmio - ok
08:29:10.0203 2036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:29:10.0203 2036 dmload - ok
08:29:10.0234 2036 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:29:10.0250 2036 dmserver - ok
08:29:10.0281 2036 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:29:10.0281 2036 DMusic - ok
08:29:10.0328 2036 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:29:10.0328 2036 Dnscache - ok
08:29:10.0375 2036 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:29:10.0375 2036 Dot3svc - ok
08:29:10.0375 2036 dpti2o - ok
08:29:10.0406 2036 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:29:10.0406 2036 drmkaud - ok
08:29:10.0453 2036 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:29:10.0468 2036 EapHost - ok
08:29:10.0484 2036 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:29:10.0500 2036 ERSvc - ok
08:29:10.0531 2036 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:29:10.0546 2036 Eventlog - ok
08:29:10.0593 2036 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:29:10.0609 2036 EventSystem - ok
08:29:10.0656 2036 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:29:10.0671 2036 Fastfat - ok
08:29:10.0718 2036 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:29:10.0734 2036 FastUserSwitchingCompatibility - ok
08:29:10.0828 2036 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
08:29:10.0843 2036 Fax - ok
08:29:10.0875 2036 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:29:10.0875 2036 Fdc - ok
08:29:10.0890 2036 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:29:10.0890 2036 Fips - ok
08:29:10.0921 2036 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:29:10.0921 2036 Flpydisk - ok
08:29:10.0953 2036 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:29:10.0953 2036 FltMgr - ok
08:29:11.0078 2036 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:29:11.0078 2036 FontCache3.0.0.0 - ok
08:29:11.0125 2036 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:29:11.0125 2036 Fs_Rec - ok
08:29:11.0171 2036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:29:11.0187 2036 Ftdisk - ok
08:29:11.0218 2036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:29:11.0234 2036 GEARAspiWDM - ok
08:29:11.0281 2036 getPlusHelper - ok
08:29:11.0312 2036 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:29:11.0312 2036 Gpc - ok
08:29:11.0390 2036 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:29:11.0390 2036 gupdate - ok
08:29:11.0406 2036 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:29:11.0406 2036 gupdatem - ok
08:29:11.0468 2036 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:29:11.0500 2036 gusvc - ok
08:29:11.0531 2036 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:29:11.0531 2036 HDAudBus - ok
08:29:11.0593 2036 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:29:11.0593 2036 helpsvc - ok
08:29:11.0625 2036 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:29:11.0640 2036 HidServ - ok
08:29:11.0671 2036 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:29:11.0671 2036 HidUsb - ok
08:29:11.0734 2036 hitmanpro35 (47eece68857817f39c8c6f33a7e5e76c) C:\WINDOWS\system32\drivers\hitmanpro36.sys
08:29:11.0734 2036 hitmanpro35 - ok
08:29:11.0765 2036 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:29:11.0765 2036 hkmsvc - ok
08:29:11.0781 2036 hpn - ok
08:29:11.0828 2036 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:29:11.0843 2036 HPZid412 - ok
08:29:11.0859 2036 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:29:11.0859 2036 HPZipr12 - ok
08:29:11.0906 2036 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:29:11.0906 2036 HPZius12 - ok
08:29:11.0968 2036 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:29:11.0984 2036 HTTP - ok
08:29:12.0015 2036 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:29:12.0046 2036 HTTPFilter - ok
08:29:12.0062 2036 i2omgmt - ok
08:29:12.0062 2036 i2omp - ok
08:29:12.0125 2036 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:29:12.0125 2036 i8042prt - ok
08:29:12.0515 2036 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:29:12.0671 2036 ialm - ok
08:29:12.0843 2036 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\WINDOWS\system32\drivers\iaStor.sys
08:29:12.0843 2036 iaStor - ok
08:29:12.0921 2036 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
08:29:12.0921 2036 IDriverT - ok
08:29:13.0109 2036 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:29:13.0140 2036 idsvc - ok
08:29:13.0234 2036 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:29:13.0234 2036 Imapi - ok
08:29:13.0296 2036 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:29:13.0312 2036 ImapiService - ok
08:29:13.0312 2036 ini910u - ok
08:29:13.0656 2036 IntcAzAudAddService (2b1cddfe53715372b2677ace12fc9fe5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:29:13.0828 2036 IntcAzAudAddService - ok
08:29:13.0937 2036 IntelIde - ok
08:29:13.0984 2036 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:29:14.0000 2036 intelppm - ok
08:29:14.0031 2036 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:29:14.0031 2036 Ip6Fw - ok
08:29:14.0046 2036 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:29:14.0046 2036 IpFilterDriver - ok
08:29:14.0062 2036 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:29:14.0062 2036 IpInIp - ok
08:29:14.0140 2036 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:29:14.0156 2036 IpNat - ok
08:29:14.0296 2036 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
08:29:14.0312 2036 iPod Service - ok
08:29:14.0359 2036 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:29:14.0359 2036 IPSec - ok
08:29:14.0390 2036 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:29:14.0390 2036 IRENUM - ok
08:29:14.0421 2036 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:29:14.0421 2036 isapnp - ok
08:29:14.0500 2036 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
08:29:14.0500 2036 JavaQuickStarterService - ok
08:29:14.0515 2036 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:29:14.0515 2036 Kbdclass - ok
08:29:14.0562 2036 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:29:14.0562 2036 kbdhid - ok
08:29:14.0625 2036 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:29:14.0625 2036 kmixer - ok
08:29:14.0671 2036 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:29:14.0671 2036 KSecDD - ok
08:29:14.0718 2036 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:29:14.0734 2036 LanmanServer - ok
08:29:14.0781 2036 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:29:14.0796 2036 lanmanworkstation - ok
08:29:14.0812 2036 lbrtfdc - ok
08:29:14.0859 2036 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:29:14.0859 2036 LmHosts - ok
08:29:14.0953 2036 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
08:29:14.0953 2036 McciCMService - ok
08:29:14.0984 2036 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:29:15.0000 2036 Messenger - ok
08:29:15.0078 2036 Microsoft SharePoint Workspace Audit Service - ok
08:29:15.0125 2036 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:29:15.0140 2036 mnmdd - ok
08:29:15.0171 2036 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:29:15.0218 2036 mnmsrvc - ok
08:29:15.0250 2036 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:29:15.0250 2036 Modem - ok
08:29:15.0531 2036 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
08:29:15.0562 2036 Monfilt - ok
08:29:15.0734 2036 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:29:15.0750 2036 Mouclass - ok
08:29:15.0781 2036 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:29:15.0781 2036 mouhid - ok
08:29:15.0812 2036 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:29:15.0812 2036 MountMgr - ok
08:29:15.0828 2036 mraid35x - ok
08:29:15.0937 2036 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:29:15.0937 2036 MREMP50 - ok
08:29:15.0953 2036 MREMPR5 - ok
08:29:15.0953 2036 MRENDIS5 - ok
08:29:15.0968 2036 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
08:29:15.0984 2036 MRESP50 - ok
08:29:16.0015 2036 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:29:16.0015 2036 MRxDAV - ok
08:29:16.0078 2036 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:29:16.0078 2036 MRxSmb - ok
08:29:16.0125 2036 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:29:16.0140 2036 MSDTC - ok
08:29:16.0203 2036 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:29:16.0203 2036 Msfs - ok
08:29:16.0203 2036 MSIServer - ok
08:29:16.0234 2036 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:29:16.0234 2036 MSKSSRV - ok
08:29:16.0250 2036 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:29:16.0250 2036 MSPCLOCK - ok
08:29:16.0250 2036 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:29:16.0265 2036 MSPQM - ok
08:29:16.0296 2036 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:29:16.0296 2036 mssmbios - ok
08:29:16.0296 2036 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:29:16.0296 2036 MSTEE - ok
08:29:16.0343 2036 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:29:16.0343 2036 Mup - ok
08:29:16.0390 2036 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:29:16.0390 2036 NABTSFEC - ok
08:29:16.0453 2036 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:29:16.0468 2036 napagent - ok
08:29:16.0500 2036 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:29:16.0500 2036 NDIS - ok
08:29:16.0531 2036 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:29:16.0531 2036 NdisIP - ok
08:29:16.0578 2036 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:29:16.0578 2036 NdisTapi - ok
08:29:16.0609 2036 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:29:16.0625 2036 Ndisuio - ok
08:29:16.0625 2036 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:29:16.0640 2036 NdisWan - ok
08:29:16.0640 2036 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:29:16.0656 2036 NDProxy - ok
08:29:16.0671 2036 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:29:16.0671 2036 NetBIOS - ok
08:29:16.0687 2036 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:29:16.0703 2036 NetBT - ok
08:29:16.0734 2036 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:29:16.0750 2036 NetDDE - ok
08:29:16.0750 2036 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:29:16.0765 2036 NetDDEdsdm - ok
08:29:16.0796 2036 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
08:29:16.0796 2036 Netdevio - ok
08:29:16.0828 2036 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:29:16.0843 2036 Netlogon - ok
08:29:16.0859 2036 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:29:16.0875 2036 Netman - ok
08:29:17.0000 2036 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:29:17.0015 2036 NetTcpPortSharing - ok
08:29:17.0078 2036 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:29:17.0093 2036 Nla - ok
08:29:17.0140 2036 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:29:17.0156 2036 Npfs - ok
08:29:17.0203 2036 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:29:17.0218 2036 Ntfs - ok
08:29:17.0218 2036 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:29:17.0234 2036 NtLmSsp - ok
08:29:17.0312 2036 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:29:17.0343 2036 NtmsSvc - ok
08:29:17.0390 2036 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
08:29:17.0390 2036 NuidFltr - ok
08:29:17.0437 2036 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:29:17.0437 2036 Null - ok
08:29:17.0437 2036 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:29:17.0437 2036 NwlnkFlt - ok
08:29:17.0484 2036 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:29:17.0484 2036 NwlnkFwd - ok
08:29:17.0578 2036 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:29:17.0578 2036 ose - ok
08:29:17.0890 2036 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:29:18.0031 2036 osppsvc - ok
08:29:18.0187 2036 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:29:18.0187 2036 Parport - ok
08:29:18.0218 2036 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:29:18.0218 2036 PartMgr - ok
08:29:18.0250 2036 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:29:18.0250 2036 ParVdm - ok
08:29:18.0265 2036 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:29:18.0265 2036 PCI - ok
08:29:18.0281 2036 PCIDump - ok
08:29:18.0281 2036 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:29:18.0296 2036 PCIIde - ok
08:29:18.0312 2036 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:29:18.0312 2036 Pcmcia - ok
08:29:18.0328 2036 PDCOMP - ok
08:29:18.0328 2036 PDFRAME - ok
08:29:18.0343 2036 PDRELI - ok
08:29:18.0359 2036 PDRFRAME - ok
08:29:18.0359 2036 perc2 - ok
08:29:18.0375 2036 perc2hib - ok
08:29:18.0453 2036 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\TOSHIBA\IVP\ISM\pinger.exe
08:29:18.0453 2036 pinger - ok
08:29:18.0500 2036 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:29:18.0515 2036 PlugPlay - ok
08:29:18.0546 2036 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
08:29:18.0546 2036 Pml Driver HPZ12 - ok
08:29:18.0593 2036 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:29:18.0609 2036 PolicyAgent - ok
08:29:18.0640 2036 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:29:18.0656 2036 PptpMiniport - ok
08:29:18.0656 2036 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:29:18.0671 2036 ProtectedStorage - ok
08:29:18.0671 2036 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:29:18.0687 2036 PSched - ok
08:29:18.0687 2036 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:29:18.0687 2036 Ptilink - ok
08:29:18.0734 2036 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:29:18.0734 2036 PxHelp20 - ok
08:29:18.0750 2036 ql1080 - ok
08:29:18.0750 2036 Ql10wnt - ok
08:29:18.0765 2036 ql12160 - ok
08:29:18.0781 2036 ql1240 - ok
08:29:18.0781 2036 ql1280 - ok
08:29:18.0812 2036 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:29:18.0812 2036 RasAcd - ok
08:29:18.0859 2036 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:29:18.0875 2036 RasAuto - ok
08:29:18.0890 2036 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:29:18.0906 2036 Rasl2tp - ok
08:29:18.0921 2036 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:29:18.0937 2036 RasMan - ok
08:29:18.0953 2036 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:29:18.0953 2036 RasPppoe - ok
08:29:18.0968 2036 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:29:18.0968 2036 Raspti - ok
08:29:19.0015 2036 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:29:19.0031 2036 Rdbss - ok
08:29:19.0046 2036 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:29:19.0046 2036 RDPCDD - ok
08:29:19.0109 2036 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:29:19.0125 2036 RDPWD - ok
08:29:19.0171 2036 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:29:19.0187 2036 RDSessMgr - ok
08:29:19.0312 2036 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:29:19.0312 2036 redbook - ok
08:29:19.0375 2036 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:29:19.0390 2036 RemoteAccess - ok
08:29:19.0453 2036 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:29:19.0468 2036 RpcLocator - ok
08:29:19.0546 2036 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:29:19.0562 2036 RpcSs - ok
08:29:19.0609 2036 RSUSBSTOR (2ab66b8ccd92d4d8e33c98fea874325b) C:\WINDOWS\system32\Drivers\RtsUStor.sys
08:29:19.0625 2036 RSUSBSTOR - ok
08:29:19.0671 2036 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:29:19.0687 2036 RSVP - ok
08:29:19.0750 2036 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:29:19.0750 2036 RTLE8023xp - ok
08:29:19.0765 2036 RtsUIR - ok
08:29:19.0796 2036 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:29:19.0812 2036 SamSs - ok
08:29:19.0859 2036 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:29:19.0875 2036 SCardSvr - ok
08:29:19.0921 2036 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:29:19.0937 2036 Schedule - ok
08:29:19.0984 2036 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:29:19.0984 2036 Secdrv - ok
08:29:20.0015 2036 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:29:20.0031 2036 seclogon - ok
08:29:20.0062 2036 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:29:20.0078 2036 SENS - ok
08:29:20.0109 2036 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:29:20.0156 2036 Serial - ok
08:29:20.0203 2036 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:29:20.0203 2036 Sfloppy - ok
08:29:20.0250 2036 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:29:20.0265 2036 SharedAccess - ok
08:29:20.0312 2036 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:29:20.0328 2036 ShellHWDetection - ok
08:29:20.0328 2036 Simbad - ok
08:29:20.0359 2036 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:29:20.0359 2036 SLIP - ok
08:29:20.0375 2036 Sparrow - ok
08:29:20.0421 2036 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:29:20.0421 2036 splitter - ok
08:29:20.0468 2036 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:29:20.0484 2036 Spooler - ok
08:29:20.0500 2036 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:29:20.0515 2036 sr - ok
08:29:20.0562 2036 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:29:20.0562 2036 srservice - ok
08:29:20.0625 2036 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:29:20.0625 2036 Srv - ok
08:29:20.0656 2036 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:29:20.0656 2036 SSDPSRV - ok
08:29:20.0718 2036 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:29:20.0734 2036 stisvc - ok
08:29:20.0765 2036 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:29:20.0765 2036 streamip - ok
08:29:20.0796 2036 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:29:20.0796 2036 swenum - ok
08:29:20.0828 2036 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:29:20.0828 2036 swmidi - ok
08:29:20.0828 2036 SwPrv - ok
08:29:20.0890 2036 Swupdtmr (4a5bb3e94b31063718228187ceab619e) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
08:29:20.0890 2036 Swupdtmr - ok
08:29:20.0890 2036 symc810 - ok
08:29:20.0906 2036 symc8xx - ok
08:29:20.0921 2036 sym_hi - ok
08:29:20.0921 2036 sym_u3 - ok
08:29:20.0968 2036 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:29:20.0968 2036 sysaudio - ok
08:29:21.0031 2036 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:29:21.0046 2036 SysmonLog - ok
08:29:21.0078 2036 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:29:21.0093 2036 TapiSrv - ok
08:29:21.0140 2036 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:29:21.0140 2036 Tcpip - ok
08:29:21.0187 2036 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
08:29:21.0187 2036 tdcmdpst - ok
08:29:21.0218 2036 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:29:21.0218 2036 TDPIPE - ok
08:29:21.0250 2036 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:29:21.0250 2036 TDTCP - ok
08:29:21.0281 2036 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
08:29:21.0281 2036 tdudf - ok
08:29:21.0312 2036 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:29:21.0312 2036 TermDD - ok
08:29:21.0406 2036 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:29:21.0421 2036 TermService - ok
08:29:21.0484 2036 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:29:21.0500 2036 Themes - ok
08:29:21.0546 2036 Thpdrv (b3556bc3e38cc3c4ab2dc09bc7f51ccb) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
08:29:21.0546 2036 Thpdrv - ok
08:29:21.0562 2036 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
08:29:21.0562 2036 Thpevm - ok
08:29:21.0609 2036 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\WINDOWS\system32\ThpSrv.exe
08:29:21.0640 2036 Thpsrv - ok
08:29:21.0687 2036 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\WINDOWS\system32\TODDSrv.exe
08:29:21.0703 2036 TODDSrv - ok
08:29:21.0843 2036 TOSHIBA Bluetooth Service (f1ff6b201a6385e54c492f8e92efd62b) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
08:29:21.0843 2036 TOSHIBA Bluetooth Service - ok
08:29:21.0843 2036 TosIde - ok
08:29:21.0906 2036 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\WINDOWS\system32\DRIVERS\tosporte.sys
08:29:21.0906 2036 tosporte - ok
08:29:21.0953 2036 Tosrfbd (6750328ab04ae5faf01403a575d66978) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
08:29:21.0968 2036 Tosrfbd - ok
08:29:21.0984 2036 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
08:29:22.0015 2036 tosrfbnp - ok
08:29:22.0046 2036 Tosrfcom (f6158c41bf2ba736deb779b625597016) C:\WINDOWS\system32\Drivers\tosrfcom.sys
08:29:22.0046 2036 Tosrfcom - ok
08:29:22.0062 2036 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
08:29:22.0078 2036 tosrfec - ok
08:29:22.0109 2036 Tosrfhid (97c2dc66dfec6706267ecf64f5899ad4) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
08:29:22.0109 2036 Tosrfhid - ok
08:29:22.0156 2036 TosRfSnd (bac179b6fce8531d693163cc1fb630c8) C:\WINDOWS\system32\drivers\tosrfsnd.sys
08:29:22.0156 2036 TosRfSnd - ok
08:29:22.0187 2036 Tosrfusb (905db72f85213c28890d6bc5033c56d4) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
08:29:22.0203 2036 Tosrfusb - ok
08:29:22.0250 2036 TPwSav (4026b9c7b042ea99946ce6bbea73ed1b) C:\WINDOWS\system32\drivers\TPwSav.sys
08:29:22.0250 2036 TPwSav - ok
08:29:22.0296 2036 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:29:22.0312 2036 TrkWks - ok
08:29:22.0343 2036 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
08:29:22.0343 2036 trudf - ok
08:29:22.0359 2036 TVALZ (fc5d508107166a84b2147e5b009206b5) C:\WINDOWS\system32\DRIVERS\TVALZ_O.SYS
08:29:22.0359 2036 TVALZ - ok
08:29:22.0375 2036 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:29:22.0375 2036 Udfs - ok
08:29:22.0390 2036 ultra - ok
08:29:22.0421 2036 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
08:29:22.0437 2036 UMWdf - ok
08:29:22.0484 2036 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:29:22.0500 2036 Update - ok
08:29:22.0531 2036 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:29:22.0546 2036 upnphost - ok
08:29:22.0578 2036 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:29:22.0578 2036 UPS - ok
08:29:22.0640 2036 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:29:22.0640 2036 USBAAPL - ok
08:29:22.0687 2036 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:29:22.0687 2036 usbccgp - ok
08:29:22.0703 2036 USBCCID - ok
08:29:22.0718 2036 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:29:22.0718 2036 usbehci - ok
08:29:22.0734 2036 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:29:22.0765 2036 usbhub - ok
08:29:22.0812 2036 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:29:22.0812 2036 usbprint - ok
08:29:22.0843 2036 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:29:22.0859 2036 usbscan - ok
08:29:22.0906 2036 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:29:22.0906 2036 USBSTOR - ok
08:29:22.0953 2036 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:29:22.0953 2036 usbuhci - ok
08:29:23.0000 2036 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:29:23.0015 2036 usbvideo - ok
08:29:23.0062 2036 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
08:29:23.0062 2036 UVCFTR - ok
08:29:23.0109 2036 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\system32\drivers\VCdRom.sys
08:29:23.0125 2036 vcdrom - ok
08:29:23.0125 2036 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:29:23.0125 2036 VgaSave - ok
08:29:23.0140 2036 ViaIde - ok
08:29:23.0156 2036 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:29:23.0156 2036 VolSnap - ok
08:29:23.0234 2036 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:29:23.0250 2036 VSS - ok
08:29:23.0281 2036 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:29:23.0296 2036 W32Time - ok
08:29:23.0328 2036 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:29:23.0343 2036 Wanarp - ok
08:29:23.0421 2036 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:29:23.0437 2036 Wdf01000 - ok
08:29:23.0437 2036 WDICA - ok
08:29:23.0484 2036 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:29:23.0484 2036 wdmaud - ok
08:29:23.0531 2036 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:29:23.0546 2036 WebClient - ok
08:29:23.0609 2036 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:29:23.0609 2036 winmgmt - ok
08:29:23.0671 2036 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
08:29:23.0671 2036 WmdmPmSN - ok
08:29:23.0718 2036 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:29:23.0750 2036 WmiApSrv - ok
08:29:23.0781 2036 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
08:29:23.0781 2036 WpdUsb - ok
08:29:23.0984 2036 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:29:24.0093 2036 WPFFontCache_v0400 - ok
08:29:24.0109 2036 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:29:24.0125 2036 WS2IFSL - ok
08:29:24.0171 2036 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:29:24.0187 2036 wscsvc - ok
08:29:24.0234 2036 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys
08:29:24.0250 2036 WSIMD - ok
08:29:24.0281 2036 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:29:24.0281 2036 WSTCODEC - ok
08:29:24.0328 2036 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:29:24.0343 2036 wuauserv - ok
08:29:24.0390 2036 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:29:24.0406 2036 WZCSVC - ok
08:29:24.0437 2036 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:29:24.0453 2036 xmlprov - ok
08:29:24.0500 2036 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
08:29:25.0171 2036 \Device\Harddisk0\DR0 - ok
08:29:25.0281 2036 Boot (0x1200) (3a669551473929219e7630b71dae2096) \Device\Harddisk0\DR0\Partition0
08:29:25.0281 2036 \Device\Harddisk0\DR0\Partition0 - ok
08:29:25.0281 2036 ============================================================
08:29:25.0281 2036 Scan finished
08:29:25.0281 2036 ============================================================
08:29:25.0296 0940 Detected object count: 0
08:29:25.0296 0940 Actual detected object count: 0
08:31:30.0734 0372 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 09 June 2012 - 08:17 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 10 June 2012 - 12:56 AM

Hey Gringo. I was able to download and open OTL. However, the programmed closes several seconds after opening. This occurred upon multiple downloads as well. Restarting my computer did not fix the problem. Thoughts? Suggestions?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 10 June 2012 - 01:02 AM

greetings

in which browser are you getting redirected? check all that are installed


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 10 June 2012 - 04:37 PM

Hey Gringo. The browsers being redirected are Chrome and Firefox. Internet Explorer seems to have no issue. My primary browser is Chrome.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 10 June 2012 - 04:42 PM

Greetings

I want you to uninstall FireFox and Chrome, If asked about user data or settings then remove those also (bookmarks may be backed up)

restart the computer and reinstall both browsers and check them for me


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 10 June 2012 - 09:43 PM

Hey Gringo. Looks like the restart and reinstall did the trick! I feel silly to not have thought of this solution earlier. Thank you for your time and patience during this process. Your help has been much appreciated.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 10 June 2012 - 10:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 11 June 2012 - 02:22 AM

Hey Gringo. Computer is doing well after running the script. Here is my log from Combofix:


ComboFix 12-06-10.01 - Jason 06/10/2012 22:39:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.675 [GMT -7:00]
Running from: c:\documents and settings\Jason\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Jason\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-07 15:18 . 2010-10-24 14:06 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-06-07 15:18 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-06-07 15:18 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-06-07 15:18 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-06-07 15:18 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-06-07 15:18 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-06-07 13:40 . 2012-06-07 13:47 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-06-07 13:39 . 2012-06-07 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-06-07 08:11 . 2012-06-07 08:11 -------- d-----w- c:\documents and settings\Administrator.J
2012-05-28 07:27 . 2012-05-28 07:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2009-04-06 19:46 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 07:27 . 2011-06-16 19:49 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2009-04-06 19:48 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2010-12-29 01:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_05.51.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-11 04:15 . 2012-06-11 04:15 16384 c:\windows\Temp\Perflib_Perfdata_34c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"ACU"="c:\program files\Atheros\ACU.exe" [2009-03-06 479320]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-20 83336]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-03 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-13 17531392]
"NDSTray.exe"="NDSTray.exe" [BU]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-02 210232]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"TAccessibility"="c:\program files\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"TPSMain"="TPSMain.exe" [2009-03-17 283960]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-16 252288]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 18:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2009-12-01 17:38 3951976 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2009-07-27 19:37 424496 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-06 05:57 136176 ----atw- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-06 19:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-10-14 07:18 202256 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\TOSHIBA\\IVP\\ISM\\pinger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [8/21/2008 10:35 AM 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [9/4/2007 10:14 AM 6528]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/8/2011 5:21 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/14/2009 5:30 PM 337880]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 12:45 PM 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/14/2009 5:30 PM 20696]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 12:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 12:15 PM 134016]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [7/27/2009 1:22 AM 48176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 6:37 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/28/2012 12:27 AM 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/6/2009 12:08 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/24/2010 6:37 PM 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [6/7/2012 6:40 AM 27424]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [4/6/2009 12:09 PM 164864]
S3 RtsUIR;Realtek IR Driver; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 07:27]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 01:37]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-25 01:37]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-338281255-2323983354-2928877906-1005Core.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 05:57]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-338281255-2323983354-2928877906-1005UA.job
- c:\documents and settings\Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 05:57]
.
2012-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-338281255-2323983354-2928877906-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2012-06-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-338281255-2323983354-2928877906-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]
.
2012-06-11 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2012-02-23 01:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-10 22:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2012-06-10 22:52:25
ComboFix-quarantined-files.txt 2012-06-11 05:52
.
Pre-Run: 85,378,367,488 bytes free
Post-Run: 85,421,404,160 bytes free
.
- - End Of File - - FAF8F6D089A2FA0A8A7167D53053F0E6

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:01 AM

Posted 11 June 2012 - 09:48 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 16
Java™ 6 Update 20
Search Toolbar
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 lighthouse784

lighthouse784
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:01 AM

Posted 12 June 2012 - 12:16 AM

Hey Gringo, thanks for your prompt response. I was unsure of what exact "search toolbar" you wanted me to remove using Revo. Google toolbar for internet explorer? The following is the log from MBAM and report from hijackthis. The google redirect issue has been resolved and everything seems to be running well.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jason :: J [administrator]

6/11/2012 9:48:07 PM
mbam-log-2012-06-11 (21-48-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235303
Time elapsed: 14 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:06 PM, on 6/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAccessibility] C:\Program Files\TOSHIBA\Accessibility\TAccessibility.exe Instant
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11939 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users