
Intermittent Google Redirects


5 replies to this topic

#1 Vector23 (Members, 11 posts)

Posted 12 June 2012 - 07:29 PM

Hello,

I've noticed 2 machines on our network in my office that have users who are complaining of redirects happening when they click on the links that result from a Google search in either Firefox or IE. I've pulled the two machines out of production and have them here at my desk. The symptoms are as follows: do a search in Google and click on one of the results; 1 in 4 times it will give you the search you are looking for. The other times it redirects randomly to a pool of addresses.

The fully up-to-date McAfee SonicWALL Enforced Client on the system unsurprisingly detects nothing; a Malwarebytes scan of the PC found really nothing, as Windows Updates and the firewall are disabled by GPO. Logs are inline. A secondary scan by SUPERAntiSpyware found 117 or so tracking cookies but no real problems.

I need to identify what the particular piece of malware I am dealing with is, so I can know how worried I need to be, as this PC is used to do the payroll at my company.

One of the PCs has already been ghosted and the infection has resurfaced, which makes me think this might be a new variant of TDSS; however, TDSSKiller finds no infection.

Any help is greatly appreciated.

===============================================


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.11.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
MichaelL :: PCACCOUNTING9 [administrator]

06/11/12 3:30:37 PM
mbam-log-2012-06-11 (15-30-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 440024
Time elapsed: 39 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|NoDispScrSavPage (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

==================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2012 at 05:16 PM

Application Version : 5.0.1150

Core Rules Database Version : 8718
Trace Rules Database Version: 6530

Scan type : Complete Scan
Total Scan Time : 00:36:02

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 34750
Registry threats detected : 0
File items scanned : 31596
File threats detected : 117

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\adminhsi@atdmt[1].txt [ /atdmt ]
C:\Documents and Settings\Administrator\Cookies\adminhsi@c.atdmt[2].txt [ /c.atdmt ]
C:\Documents and Settings\Administrator\Cookies\adminhsi@doubleclick[1].txt [ /doubleclick ]
C:\Documents and Settings\Administrator\Cookies\adminhsi@revsci[1].txt [ /revsci ]
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt [ /atdmt ]
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt [ /bs.serving-sys ]
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt [ /doubleclick ]
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt [ /msnportal.112.2o7 ]
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt [ /serving-sys ]
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt [ /statse.webtrendslive ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@www.accountantforums[2].txt [ Cookie:davids@www.accountantforums.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@ar.atwola[2].txt [ Cookie:davids@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@advertising[2].txt [ Cookie:davids@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@c1.atdmt[1].txt [ Cookie:davids@c1.atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@questionmarket[1].txt [ Cookie:davids@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@tribalfusion[1].txt [ Cookie:davids@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@dmtracker[1].txt [ Cookie:davids@dmtracker.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@mm.chitika[1].txt [ Cookie:davids@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@specificclick[1].txt [ Cookie:davids@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@adtech[1].txt [ Cookie:davids@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@revsci[1].txt [ Cookie:davids@revsci.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@collective-media[1].txt [ Cookie:davids@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@pointroll[2].txt [ Cookie:davids@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@adbrite[2].txt [ Cookie:davids@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@c.atdmt[2].txt [ Cookie:davids@c.atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@microsoftsto.112.2o7[1].txt [ Cookie:davids@microsoftsto.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@ads.pointroll[1].txt [ Cookie:davids@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@ru4[1].txt [ Cookie:davids@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@tacoda.at.atwola[1].txt [ Cookie:davids@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@doubleclick[2].txt [ Cookie:davids@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\Cookies\davids@invitemedia[1].txt [ Cookie:davids@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\DOUGLASS\Cookies\douglass@advertising[1].txt [ Cookie:douglass@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\DOUGLASS\Cookies\douglass@ad.yieldmanager[2].txt [ Cookie:douglass@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\DOUGLASS\Cookies\douglass@interclick[1].txt [ Cookie:douglass@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\DOUGLASS\Cookies\douglass@collective-media[1].txt [ Cookie:douglass@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\DOUGLASS\Cookies\douglass@invitemedia[2].txt [ Cookie:douglass@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\DOUGLASS\Cookies\douglass@accounting4peachtree[1].txt [ Cookie:douglass@accounting4peachtree.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@mediaplex[2].txt [ Cookie:joshuaf@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@tribalfusion[2].txt [ Cookie:joshuaf@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@atdmt[2].txt [ Cookie:joshuaf@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@kontera[1].txt [ Cookie:joshuaf@kontera.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@adtech[1].txt [ Cookie:joshuaf@adtech.de/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@microsoftsto.112.2o7[1].txt [ Cookie:joshuaf@microsoftsto.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@doubleclick[1].txt [ Cookie:joshuaf@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@apmebf[1].txt [ Cookie:joshuaf@apmebf.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@serving-sys[1].txt [ Cookie:joshuaf@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@adbrite[2].txt [ Cookie:joshuaf@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@specificclick[1].txt [ Cookie:joshuaf@specificclick.net/ ]
C:\DOCUMENTS AND SETTINGS\JOSHUAF\Cookies\joshuaf@invitemedia[2].txt [ Cookie:joshuaf@invitemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@adsonar[1].txt [ Cookie:michaell@adsonar.com/adserving ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@www.qsstats[1].txt [ Cookie:michaell@www.qsstats.com/dcs88d31n00000kf5ut75e6wa_8v3z ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@legolas-media[2].txt [ Cookie:michaell@legolas-media.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@2o7[1].txt [ Cookie:michaell@2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@ad.yieldmanager[2].txt [ Cookie:michaell@ad.yieldmanager.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@serving-sys[2].txt [ Cookie:michaell@serving-sys.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@pointroll[2].txt [ Cookie:michaell@pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@click.get-answers-fast[2].txt [ Cookie:michaell@click.get-answers-fast.com/ads-clicktrack/click/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@interclick[2].txt [ Cookie:michaell@interclick.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@insightexpressai[1].txt [ Cookie:michaell@insightexpressai.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@manageelitetraining[1].txt [ Cookie:michaell@manageelitetraining.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@tacoda.at.atwola[2].txt [ Cookie:michaell@tacoda.at.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@casalemedia[1].txt [ Cookie:michaell@casalemedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@mediaplex[1].txt [ Cookie:michaell@mediaplex.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@collective-media[1].txt [ Cookie:michaell@collective-media.net/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@advertising[1].txt [ Cookie:michaell@advertising.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@2americanexpress.122.2o7[1].txt [ Cookie:michaell@2americanexpress.122.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@fastclick[1].txt [ Cookie:michaell@fastclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@adbrite[2].txt [ Cookie:michaell@adbrite.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@realmedia[1].txt [ Cookie:michaell@realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@doubleclick[1].txt [ Cookie:michaell@doubleclick.net/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@ads.pointroll[2].txt [ Cookie:michaell@ads.pointroll.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@imrworldwide[2].txt [ Cookie:michaell@imrworldwide.com/cgi-bin ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@mm.chitika[1].txt [ Cookie:michaell@mm.chitika.net/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@ru4[2].txt [ Cookie:michaell@ru4.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@questionmarket[2].txt [ Cookie:michaell@questionmarket.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@testdata.coremetrics[1].txt [ Cookie:michaell@testdata.coremetrics.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@ads.saymedia[1].txt [ Cookie:michaell@ads.saymedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@ar.atwola[2].txt [ Cookie:michaell@ar.atwola.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@zedo[1].txt [ Cookie:michaell@zedo.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@network.realmedia[2].txt [ Cookie:michaell@network.realmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@c1.atdmt[1].txt [ Cookie:michaell@c1.atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@lucidmedia[2].txt [ Cookie:michaell@lucidmedia.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@c.atdmt[2].txt [ Cookie:michaell@c.atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\Cookies\michaell@tribalfusion[2].txt [ Cookie:michaell@tribalfusion.com/ ]
C:\DOCUMENTS AND SETTINGS\NORAA\Cookies\noraa@atdmt[1].txt [ Cookie:noraa@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\NORAA\Cookies\noraa@msnportal.112.2o7[1].txt [ Cookie:noraa@msnportal.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\DAVIDS\COOKIES\DAVIDS@AMAZON-ADSYSTEM[1].TXT [ /AMAZON-ADSYSTEM ]
click.get-answers-fast.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
click.get-answers-fast.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
adserver.zonemedia.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\MICHAELL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\FALMDB5C.DEFAULT\COOKIES.SQLITE ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@ADS.CNN[2].TXT [ /ADS.CNN ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@ADS.POF[2].TXT [ /ADS.POF ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@ADS.UNDERTONE[1].TXT [ /ADS.UNDERTONE ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@AKAMAI.INTERCLICKPROXY[2].TXT [ /AKAMAI.INTERCLICKPROXY ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@KANOODLE[1].TXT [ /KANOODLE ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@PRO-MARKET[1].TXT [ /PRO-MARKET ]
C:\DOCUMENTS AND SETTINGS\MICHAELL\COOKIES\MICHAELL@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]

#2 boopme (Global Moderator, 73,537 posts, NJ USA)

Posted 12 June 2012 - 07:51 PM

Hello, please do these next:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk the operating system is installed on, C:\). The log has a name like TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
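An added worked example (not part of boopme's post, and not code from Farbar's MiniToolBox): a Python script that triages the Result.txt sections requested above for the usual redirect hijack points, namely an enabled IE proxy, hosts-file entries beyond localhost, DNS resolvers outside an approved list, and Winsock LSP DLLs that are not Microsoft's or not in System32. The sample log is constructed, every suspicious entry in it is invented, and the System32 paths and the ":0" no-proxy marker are assumptions taken from the output posted later in this thread.

```python
import ipaddress
import re

# Constructed sample in the layout MiniToolBox prints; not the thread's log, and every
# suspicious entry in it is invented for illustration.
SAMPLE_RESULT = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1 localhost
198.51.100.10 www.google.com
198.51.100.10 update.microsoft.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.0.8
                                    203.0.113.53
Lease Obtained. . . . . . . . . . : Tuesday, June 12, 2012 5:09:53 PM
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog9 02 C:\Documents and Settings\All Users\Application Data\wshelper.dll [53248] ()
"""

SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+\s*$")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)")
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
# Assumption: the system root is C:\Windows or C:\WINNT; adjust for other installs.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\winnt\\system32\\")

def split_sections(text):
    """Map each '===== Name: =====' header to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def check_proxy(lines):
    """An enabled IE proxy (typically a listener on 127.0.0.1) can rewrite every page."""
    findings = []
    for line in lines:
        s = line.strip()
        if s.lower().startswith("proxy is enabled"):
            findings.append("proxy: IE proxy is enabled")
        m = re.match(r"ProxyServer:\s*(.*)", s)
        if m and m.group(1) not in ("", ":0"):  # ':0' is what the tool prints when none is set
            findings.append(f"proxy: ProxyServer set to {m.group(1)!r}")
    return findings

def check_hosts(lines):
    """Anything beyond the loopback 'localhost' mapping deserves a look."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        addr, names = parts[0], parts[1:]
        if addr in ("127.0.0.1", "::1") and all(n.lower() == "localhost" for n in names):
            continue
        findings.append(f"hosts: {addr} -> {', '.join(names)}")
    return findings

def check_dns(lines, approved):
    """Flag resolvers outside the approved set (rogue-DNS style redirects)."""
    servers, collecting = [], False
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            servers.append(m.group(1))
            collecting = True
        elif collecting and line.strip():
            try:  # ipconfig wraps extra resolvers onto their own lines
                ipaddress.ip_address(line.strip())
                servers.append(line.strip())
            except ValueError:
                collecting = False
    return [f"dns: resolver {s} not in approved set" for s in servers if s not in approved]

def check_winsock(lines):
    """Flag LSP entries whose DLL sits outside System32 or is not labelled Microsoft.
    The company string is file metadata, not a signature; confirm with sigcheck."""
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if m:
            catalog, idx, path, _size, company = m.groups()
            if company != "Microsoft Corporation" or not path.lower().startswith(SYSTEM_DIRS):
                findings.append(f"winsock: {catalog} {idx} {path} ({company or 'no company'})")
    return findings

def triage(text, approved_dns=()):
    """Run every check over one Result.txt and return the findings as strings."""
    sections = split_sections(text)
    return (check_proxy(sections.get("IE Proxy Settings", []))
            + check_hosts(sections.get("Hosts content", []))
            + check_dns(sections.get("IP Configuration", []), set(approved_dns))
            + check_winsock(sections.get("Winsock entries", [])))
```

Run it against a real log with `triage(open("Result.txt").read(), approved_dns=["192.168.0.8", "192.168.0.3"])`, using the resolvers your DHCP server is supposed to hand out. A clean result from these four checks only rules out the user-mode and network hijack points the tool reports on; a kernel-mode rootkit that filters traffic below Winsock shows nothing here, which is why the TDSSKiller step is requested alongside it.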

#3 Vector23 (Topic Starter; Members, 11 posts)

Posted 12 June 2012 - 08:04 PM

Ran MiniToolBox and TDSSKiller. TDSSKiller found nothing; I've included its logs inline in any case. Redirects are happening regularly.

MiniToolBox by Farbar Version: 09-06-2012
Ran by AdminHSI (administrator) on 12-06-2012 at 17:58:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :0

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsi.com
                                    hsi.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-23-AE-85-B2-41
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.71
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.13
DHCP Server . . . . . . . . . . . : 192.168.0.3
DNS Servers . . . . . . . . . . . : 192.168.0.8
                                    192.168.0.3
Lease Obtained. . . . . . . . . . : Tuesday, June 12, 2012 5:09:53 PM
Lease Expires . . . . . . . . . . : Friday, June 15, 2012 5:09:53 PM

Server: lion.hsi.com
Address: 192.168.0.8

Name: google.com
Addresses: 74.125.224.206, 74.125.224.199, 74.125.224.195, 74.125.224.196
           74.125.224.197, 74.125.224.192, 74.125.224.193, 74.125.224.198, 74.125.224.200
           74.125.224.194, 74.125.224.201

Pinging google.com [74.125.224.206] with 32 bytes of data:

Reply from 74.125.224.206: bytes=32 time=7ms TTL=55
Reply from 74.125.224.206: bytes=32 time=7ms TTL=55

Ping statistics for 74.125.224.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 7ms, Average = 7ms

Server: lion.hsi.com
Address: 192.168.0.8

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=36ms TTL=55
Reply from 209.191.122.70: bytes=32 time=36ms TTL=55

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 36ms, Average = 36ms

Server: lion.hsi.com
Address: 192.168.0.8

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 23 ae 85 b2 41 ...... Broadcom NetLink ™ Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.0.13   192.168.0.71      20
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1       1
      192.168.0.0    255.255.255.0     192.168.0.71   192.168.0.71      20
     192.168.0.71  255.255.255.255        127.0.0.1      127.0.0.1      20
    192.168.0.255  255.255.255.255     192.168.0.71   192.168.0.71      20
        224.0.0.0        240.0.0.0     192.168.0.71   192.168.0.71      20
  255.255.255.255  255.255.255.255     192.168.0.71   192.168.0.71       1
Default Gateway:      192.168.0.13
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/12/2012 05:58:31 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:58:31.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:57:22 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:57:22.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:56:13 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:56:13.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:55:04 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:55:04.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:53:55 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:53:55.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:52:46 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:52:46.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:51:37 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:51:37.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:50:28 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:50:28.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:49:19 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:49:19.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:48:10 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/06/12 17:48:10.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]


System errors:
=============
Error: (06/12/2012 05:11:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
tdx

Error: (06/12/2012 05:11:37 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service failed to start due to the following error:
%%1290

Error: (06/12/2012 05:11:37 PM) (Source: Service Control Manager) (User: )
Description: The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi

Error: (06/12/2012 05:09:20 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/12/2012 05:02:56 PM) (Source: DCOM) (User: AdminHSI)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/12/2012 04:54:54 PM) (Source: DCOM) (User: AdminHSI)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (06/12/2012 04:45:03 PM) (Source: DCOM) (User: AdminHSI)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/12/2012 04:25:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
mfehidk
mfetdi2k
mfetdik
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip

Error: (06/12/2012 04:25:44 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:
%%1068

Error: (06/12/2012 04:25:44 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (06/12/2012 05:58:31 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:58:31.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:57:22 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:57:22.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:56:13 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:56:13.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:55:04 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:55:04.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:53:55 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:53:55.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:52:46 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:52:46.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:51:37 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:51:37.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:50:28 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:50:28.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:49:19 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:49:19.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]

Error: (06/12/2012 05:48:10 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/06/12 17:48:10.781]: [00000220]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.123]


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
ACT! 2000
Adobe Acrobat 6.0.1 Standard (Version: 006.000.001)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Babylon toolbar on IE
Broadcom Gigabit NetLink Controller (Version: 11.21.01)
Brother HL-5340D (Version: 1.00)
Brother MFL-Pro Suite DCP-7065DN (Version: 1.0.7.0)
CCH Small Firm Services 2011 (Remove Only)
CCleaner (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Critical Update for Windows Media Player 11 (KB959772)
Crystal Reports 2008 Runtime SP1 (Version: 12.1.0.882)
Dell Resource CD (Version: 1.00.0000)
getPlus® for Adobe (Version: 1.5.2.35)
Intel® Graphics Media Accelerator Driver
IPK II PC Assistant (Version: 2.1.0)
LG United Mobile Drivers (Version: 3.3.0.0)
LiveAdvisor (Symantec Corporation) (Version: 1.0.0.706)
LiveUpdate
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Office XP Small Business (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Peachtree Accounting 2012 (Version: 19.00.00)
Peachtree Complete Accounting 2005 (Version: 12.00.00)
Peachtree Complete Accounting 2010
Peachtree Signature Ready Forms (Version: 6.14.24)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (Version: 10.20.034)
Sage Integration Services (Version: 2.2.2240)
Sage Message Center (Version: 2.00.0000)
Shadow Copy Client (Version: 5.2.01)
SoundMAX (Version: 5.10.01.5850)
Stamps.com
SUPERAntiSpyware (Version: 5.0.1150)
Symantec WinFax PRO 10.0
UltraVNC108 (Version: 1.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows PowerShell™ 1.0 MUI pack (Version: 2)

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 2036.89 MB
Available physical RAM: 1625.52 MB
Total Pagefile: 3929.56 MB
Available Pagefile: 3097.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.01 GB) (Free:135.42 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:7.26 GB) (Free:7.14 GB) FAT32

========================= Users: ========================================

User accounts for \\PCACCOUNTING9

AdminHSI ASPNET Guest
HelpAssistant McAfeeMVSUser SUPPORT_388945a0


**** End of log ****
=========================================

TDSSKILLER LOGS

18:00:24.0156 2784 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:00:24.0578 2784 ============================================================
18:00:24.0578 2784 Current date / time: 2012/06/12 18:00:24.0578
18:00:24.0578 2784 SystemInfo:
18:00:24.0578 2784
18:00:24.0578 2784 OS Version: 5.1.2600 ServicePack: 3.0
18:00:24.0578 2784 Product type: Workstation
18:00:24.0578 2784 ComputerName: PCACCOUNTING9
18:00:24.0578 2784 UserName: AdminHSI
18:00:24.0578 2784 Windows directory: C:\WINDOWS
18:00:24.0578 2784 System windows directory: C:\WINDOWS
18:00:24.0578 2784 Processor architecture: Intel x86
18:00:24.0578 2784 Number of processors: 2
18:00:24.0578 2784 Page size: 0x1000
18:00:24.0578 2784 Boot type: Normal boot
18:00:24.0578 2784 ============================================================
18:00:25.0750 2784 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:00:25.0750 2784 Drive \Device\Harddisk1\DR6 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:00:25.0765 2784 ============================================================
18:00:25.0765 2784 \Device\Harddisk0\DR0:
18:00:25.0765 2784 MBR partitions:
18:00:25.0765 2784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A050BD
18:00:25.0765 2784 \Device\Harddisk1\DR6:
18:00:25.0765 2784 MBR partitions:
18:00:25.0765 2784 \Device\Harddisk1\DR6\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xE86E00
18:00:25.0765 2784 ============================================================
18:00:25.0765 2784 C: <-> \Device\Harddisk0\DR0\Partition0
18:00:25.0765 2784 ============================================================
18:00:25.0765 2784 Initialize success
18:00:25.0765 2784 ============================================================
18:00:27.0062 2168 ============================================================
18:00:27.0062 2168 Scan started
18:00:27.0062 2168 Mode: Manual;
18:00:27.0062 2168 ============================================================
18:00:27.0609 2168 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:00:27.0609 2168 !SASCORE - ok
18:00:27.0671 2168 Abiosdsk - ok
18:00:27.0687 2168 abp480n5 - ok
18:00:27.0703 2168 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:00:27.0703 2168 ACPI - ok
18:00:27.0734 2168 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:00:27.0734 2168 ACPIEC - ok
18:00:27.0765 2168 ADIHdAudAddService (803c7d4767132f2407431103055c9000) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:00:27.0765 2168 ADIHdAudAddService - ok
18:00:27.0812 2168 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:00:27.0812 2168 AdobeFlashPlayerUpdateSvc - ok
18:00:27.0812 2168 adpu160m - ok
18:00:27.0843 2168 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:00:27.0843 2168 aec - ok
18:00:27.0875 2168 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
18:00:27.0875 2168 AFD - ok
18:00:27.0875 2168 Aha154x - ok
18:00:27.0890 2168 aic78u2 - ok
18:00:27.0890 2168 aic78xx - ok
18:00:27.0906 2168 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:00:27.0906 2168 Alerter - ok
18:00:27.0921 2168 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:00:27.0921 2168 ALG - ok
18:00:27.0921 2168 AliIde - ok
18:00:27.0937 2168 amsint - ok
18:00:27.0953 2168 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:00:27.0968 2168 AppMgmt - ok
18:00:27.0968 2168 asc - ok
18:00:27.0968 2168 asc3350p - ok
18:00:27.0984 2168 asc3550 - ok
18:00:28.0046 2168 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:00:28.0125 2168 aspnet_state - ok
18:00:28.0140 2168 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:00:28.0140 2168 AsyncMac - ok
18:00:28.0156 2168 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:00:28.0156 2168 atapi - ok
18:00:28.0171 2168 Atdisk - ok
18:00:28.0171 2168 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:00:28.0171 2168 Atmarpc - ok
18:00:28.0203 2168 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:00:28.0203 2168 AudioSrv - ok
18:00:28.0218 2168 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:00:28.0234 2168 audstub - ok
18:00:28.0234 2168 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:00:28.0250 2168 Beep - ok
18:00:28.0281 2168 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:00:28.0312 2168 BITS - ok
18:00:28.0343 2168 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
18:00:28.0343 2168 BridgeMP - ok
18:00:28.0375 2168 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:00:28.0375 2168 Browser - ok
18:00:28.0390 2168 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
18:00:28.0468 2168 BrPar - ok
18:00:28.0531 2168 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
18:00:28.0609 2168 BrYNSvc - ok
18:00:28.0671 2168 catchme - ok
18:00:28.0687 2168 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:00:28.0703 2168 cbidf2k - ok
18:00:28.0703 2168 cd20xrnt - ok
18:00:28.0718 2168 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:00:28.0718 2168 Cdaudio - ok
18:00:28.0750 2168 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:00:28.0750 2168 Cdfs - ok
18:00:28.0765 2168 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:00:28.0765 2168 Cdrom - ok
18:00:28.0765 2168 cerc6 - ok
18:00:28.0781 2168 Changer - ok
18:00:28.0796 2168 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:00:28.0796 2168 CiSvc - ok
18:00:28.0796 2168 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:00:28.0812 2168 ClipSrv - ok
18:00:28.0859 2168 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:00:28.0968 2168 clr_optimization_v2.0.50727_32 - ok
18:00:29.0015 2168 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:00:29.0109 2168 clr_optimization_v4.0.30319_32 - ok
18:00:29.0109 2168 CmdIde - ok
18:00:29.0109 2168 COMSysApp - ok
18:00:29.0125 2168 Cpqarray - ok
18:00:29.0156 2168 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:00:29.0156 2168 CryptSvc - ok
18:00:29.0156 2168 dac2w2k - ok
18:00:29.0156 2168 dac960nt - ok
18:00:29.0203 2168 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:00:29.0203 2168 DcomLaunch - ok
18:00:29.0234 2168 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:00:29.0234 2168 Dhcp - ok
18:00:29.0250 2168 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:00:29.0250 2168 Disk - ok
18:00:29.0265 2168 dmadmin - ok
18:00:29.0328 2168 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:00:29.0343 2168 dmboot - ok
18:00:29.0375 2168 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:00:29.0375 2168 dmio - ok
18:00:29.0390 2168 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:00:29.0390 2168 dmload - ok
18:00:29.0406 2168 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:00:29.0406 2168 dmserver - ok
18:00:29.0421 2168 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:00:29.0421 2168 DMusic - ok
18:00:29.0453 2168 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
18:00:29.0453 2168 Dnscache - ok
18:00:29.0468 2168 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:00:29.0484 2168 Dot3svc - ok
18:00:29.0484 2168 dpti2o - ok
18:00:29.0484 2168 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:00:29.0500 2168 drmkaud - ok
18:00:29.0500 2168 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:00:29.0500 2168 EapHost - ok
18:00:29.0515 2168 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:00:29.0515 2168 ERSvc - ok
18:00:29.0546 2168 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:00:29.0546 2168 Eventlog - ok
18:00:29.0578 2168 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:00:29.0578 2168 EventSystem - ok
18:00:29.0593 2168 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:00:29.0609 2168 Fastfat - ok
18:00:29.0609 2168 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:00:29.0640 2168 FastUserSwitchingCompatibility - ok
18:00:29.0671 2168 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:00:29.0671 2168 Fdc - ok
18:00:29.0687 2168 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:00:29.0687 2168 Fips - ok
18:00:29.0703 2168 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:00:29.0703 2168 Flpydisk - ok
18:00:29.0734 2168 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:00:29.0734 2168 FltMgr - ok
18:00:29.0796 2168 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:00:29.0812 2168 FontCache3.0.0.0 - ok
18:00:29.0828 2168 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:00:29.0828 2168 Fs_Rec - ok
18:00:29.0843 2168 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:00:29.0843 2168 Ftdisk - ok
18:00:29.0875 2168 getPlus® Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
18:00:30.0796 2168 getPlus® Helper - ok
18:00:30.0812 2168 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:00:30.0812 2168 Gpc - ok
18:00:30.0828 2168 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:00:30.0843 2168 HDAudBus - ok
18:00:30.0859 2168 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:00:30.0859 2168 helpsvc - ok
18:00:30.0859 2168 HidServ - ok
18:00:30.0890 2168 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:00:30.0890 2168 hidusb - ok
18:00:30.0906 2168 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:00:30.0906 2168 hkmsvc - ok
18:00:30.0906 2168 hpn - ok
18:00:30.0937 2168 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
18:00:30.0937 2168 HTTP - ok
18:00:30.0953 2168 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:00:30.0968 2168 HTTPFilter - ok
18:00:30.0968 2168 i2omgmt - ok
18:00:30.0968 2168 i2omp - ok
18:00:30.0984 2168 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
18:00:31.0000 2168 i8042prt - ok
18:00:31.0250 2168 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:00:31.0406 2168 ialm - ok
18:00:31.0453 2168 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:00:31.0468 2168 IDriverT - ok
18:00:31.0578 2168 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:00:31.0656 2168 idsvc - ok
18:00:31.0718 2168 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:00:31.0718 2168 Imapi - ok
18:00:31.0734 2168 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:00:31.0734 2168 ImapiService - ok
18:00:31.0750 2168 ini910u - ok
18:00:31.0750 2168 IntelIde - ok
18:00:31.0765 2168 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:00:31.0765 2168 intelppm - ok
18:00:31.0781 2168 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:00:31.0781 2168 Ip6Fw - ok
18:00:31.0812 2168 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:00:31.0812 2168 IpFilterDriver - ok
18:00:31.0812 2168 iphlpsvc - ok
18:00:31.0828 2168 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:00:31.0828 2168 IpInIp - ok
18:00:31.0843 2168 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:00:31.0843 2168 IpNat - ok
18:00:31.0859 2168 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:00:31.0875 2168 IPSec - ok
18:00:31.0890 2168 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:00:31.0890 2168 IRENUM - ok
18:00:31.0906 2168 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:00:31.0906 2168 isapnp - ok
18:00:31.0937 2168 k57w2k (cb46c36f55cdfe4d20d9833e0f267c84) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
18:00:32.0000 2168 k57w2k - ok
18:00:32.0015 2168 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:00:32.0031 2168 Kbdclass - ok
18:00:32.0046 2168 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:00:32.0046 2168 kbdhid - ok
18:00:32.0062 2168 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:00:32.0062 2168 kmixer - ok
18:00:32.0093 2168 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
18:00:32.0093 2168 KSecDD - ok
18:00:32.0109 2168 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
18:00:32.0125 2168 LanmanServer - ok
18:00:32.0140 2168 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
18:00:32.0156 2168 lanmanworkstation - ok
18:00:32.0156 2168 lbrtfdc - ok
18:00:32.0187 2168 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:00:32.0187 2168 LmHosts - ok
18:00:32.0250 2168 McShield (a521cd131a5b0f8554213eece0870824) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
18:00:32.0328 2168 McShield - ok
18:00:32.0359 2168 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
18:00:32.0375 2168 MDM - ok
18:00:32.0421 2168 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys
18:00:32.0500 2168 mfeapfk - ok
18:00:32.0515 2168 MfeAVFK (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
18:00:32.0578 2168 MfeAVFK - ok
18:00:32.0578 2168 mfeavfk01 - ok
18:00:32.0593 2168 MfeBOPK (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
18:00:32.0671 2168 MfeBOPK - ok
18:00:32.0703 2168 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
18:00:32.0703 2168 mfehidk - ok
18:00:32.0718 2168 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys
18:00:32.0781 2168 mferkdet - ok
18:00:32.0875 2168 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys
18:00:32.0968 2168 MfeRKDK - ok
18:00:33.0125 2168 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys
18:00:33.0187 2168 mfetdi2k - ok
18:00:33.0218 2168 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys
18:00:33.0296 2168 mfetdik - ok
18:00:33.0312 2168 mfevtp (92472abbb3771bfb70df7a484f53b97c) C:\WINDOWS\system32\mfevtps.exe
18:00:33.0312 2168 mfevtp - ok
18:00:33.0343 2168 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:00:33.0343 2168 mnmdd - ok
18:00:33.0359 2168 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:00:33.0359 2168 mnmsrvc - ok
18:00:33.0375 2168 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:00:33.0375 2168 Modem - ok
18:00:33.0390 2168 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:00:33.0390 2168 Mouclass - ok
18:00:33.0406 2168 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:00:33.0406 2168 mouhid - ok
18:00:33.0421 2168 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:00:33.0421 2168 MountMgr - ok
18:00:33.0453 2168 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:00:33.0546 2168 MozillaMaintenance - ok
18:00:33.0562 2168 mraid35x - ok
18:00:33.0578 2168 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:00:33.0578 2168 MRxDAV - ok
18:00:33.0625 2168 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:00:33.0625 2168 MRxSmb - ok
18:00:33.0640 2168 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:00:33.0656 2168 MSDTC - ok
18:00:33.0671 2168 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:00:33.0671 2168 Msfs - ok
18:00:33.0671 2168 MSIServer - ok
18:00:33.0703 2168 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:00:33.0703 2168 MSKSSRV - ok
18:00:33.0703 2168 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:00:33.0718 2168 MSPCLOCK - ok
18:00:33.0718 2168 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:00:33.0718 2168 MSPQM - ok
18:00:33.0750 2168 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:00:33.0750 2168 mssmbios - ok
18:00:33.0765 2168 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:00:33.0765 2168 Mup - ok
18:00:33.0781 2168 mv2 (a0f0b16316276017e682410b5612a707) C:\WINDOWS\system32\DRIVERS\mv2.sys
18:00:33.0890 2168 mv2 - ok
18:00:33.0937 2168 myAgtSvc (180d57ee3eef2c66510429b182d4d534) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
18:00:33.0937 2168 myAgtSvc - ok
18:00:33.0968 2168 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:00:33.0968 2168 napagent - ok
18:00:33.0984 2168 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:00:33.0984 2168 NDIS - ok
18:00:34.0015 2168 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:00:34.0015 2168 NdisTapi - ok
18:00:34.0015 2168 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:00:34.0031 2168 Ndisuio - ok
18:00:34.0046 2168 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:00:34.0046 2168 NdisWan - ok
18:00:34.0062 2168 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:00:34.0062 2168 NDProxy - ok
18:00:34.0078 2168 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:00:34.0078 2168 NetBIOS - ok
18:00:34.0093 2168 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:00:34.0109 2168 NetBT - ok
18:00:34.0140 2168 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:00:34.0140 2168 NetDDE - ok
18:00:34.0140 2168 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:00:34.0140 2168 NetDDEdsdm - ok
18:00:34.0156 2168 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:00:34.0156 2168 Netlogon - ok
18:00:34.0171 2168 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:00:34.0187 2168 Netman - ok
18:00:34.0250 2168 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:34.0328 2168 NetTcpPortSharing - ok
18:00:34.0359 2168 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
18:00:34.0359 2168 Nla - ok
18:00:34.0375 2168 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:00:34.0375 2168 Npfs - ok
18:00:34.0406 2168 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:00:34.0406 2168 Ntfs - ok
18:00:34.0421 2168 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:00:34.0421 2168 NtLmSsp - ok
18:00:34.0453 2168 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:00:34.0468 2168 NtmsSvc - ok
18:00:34.0500 2168 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:00:34.0500 2168 Null - ok
18:00:34.0515 2168 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:00:34.0515 2168 NwlnkFlt - ok
18:00:34.0531 2168 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:00:34.0531 2168 NwlnkFwd - ok
18:00:34.0578 2168 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:34.0593 2168 ose - ok
18:00:34.0625 2168 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:00:34.0625 2168 Parport - ok
18:00:34.0640 2168 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:00:34.0640 2168 PartMgr - ok
18:00:34.0656 2168 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:00:34.0656 2168 ParVdm - ok
18:00:34.0671 2168 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:00:34.0671 2168 PCI - ok
18:00:34.0671 2168 PCIDump - ok
18:00:34.0687 2168 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:00:34.0687 2168 PCIIde - ok
18:00:34.0703 2168 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:00:34.0718 2168 Pcmcia - ok
18:00:34.0718 2168 PDCOMP - ok
18:00:34.0718 2168 PDFRAME - ok
18:00:34.0718 2168 PDRELI - ok
18:00:34.0734 2168 PDRFRAME - ok
18:00:34.0765 2168 Peachtree SmartPosting 2012 (d87c58dd652df387c4e9a0f9ce595d69) C:\Program Files\Sage\Peachtree\SmartPostingService2012.exe
18:00:34.0875 2168 Peachtree SmartPosting 2012 - ok
18:00:34.0875 2168 perc2 - ok
18:00:34.0875 2168 perc2hib - ok
18:00:34.0906 2168 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:00:34.0906 2168 PlugPlay - ok
18:00:34.0921 2168 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:00:34.0921 2168 PolicyAgent - ok
18:00:34.0937 2168 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:00:34.0937 2168 PptpMiniport - ok
18:00:34.0953 2168 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:00:34.0953 2168 ProtectedStorage - ok
18:00:34.0953 2168 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:00:34.0968 2168 PSched - ok
18:00:35.0015 2168 psqlWGE (a3332979541729c8d0321b03e20bc66f) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
18:00:35.0015 2168 psqlWGE - ok
18:00:35.0031 2168 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:00:35.0031 2168 Ptilink - ok
18:00:35.0031 2168 ql1080 - ok
18:00:35.0046 2168 Ql10wnt - ok
18:00:35.0046 2168 ql12160 - ok
18:00:35.0046 2168 ql1240 - ok
18:00:35.0046 2168 ql1280 - ok
18:00:35.0062 2168 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:00:35.0078 2168 RasAcd - ok
18:00:35.0093 2168 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:00:35.0093 2168 RasAuto - ok
18:00:35.0109 2168 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:00:35.0109 2168 Rasl2tp - ok
18:00:35.0125 2168 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:00:35.0140 2168 RasMan - ok
18:00:35.0140 2168 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:00:35.0140 2168 RasPppoe - ok
18:00:35.0156 2168 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:00:35.0156 2168 Raspti - ok
18:00:35.0171 2168 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:00:35.0171 2168 Rdbss - ok
18:00:35.0187 2168 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:00:35.0203 2168 RDPCDD - ok
18:00:35.0218 2168 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:00:35.0234 2168 rdpdr - ok
18:00:35.0250 2168 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:00:35.0250 2168 RDPWD - ok
18:00:35.0281 2168 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:00:35.0296 2168 RDSessMgr - ok
18:00:35.0296 2168 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:00:35.0312 2168 redbook - ok
18:00:35.0328 2168 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:00:35.0328 2168 RemoteAccess - ok
18:00:35.0359 2168 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:00:35.0359 2168 RemoteRegistry - ok
18:00:35.0390 2168 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:00:35.0390 2168 RpcLocator - ok
18:00:35.0437 2168 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:00:35.0437 2168 RpcSs - ok
18:00:35.0453 2168 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:00:35.0468 2168 RSVP - ok
18:00:35.0515 2168 RumorServer (180d57ee3eef2c66510429b182d4d534) C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
18:00:35.0515 2168 RumorServer - ok
18:00:35.0546 2168 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:00:35.0562 2168 SamSs - ok
18:00:35.0593 2168 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:00:35.0593 2168 SASDIFSV - ok
18:00:35.0609 2168 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:00:35.0609 2168 SASKUTIL - ok
18:00:35.0640 2168 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:00:35.0640 2168 SCardSvr - ok
18:00:35.0671 2168 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:00:35.0687 2168 Schedule - ok
18:00:35.0734 2168 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:00:35.0734 2168 Secdrv - ok
18:00:35.0750 2168 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:00:35.0765 2168 seclogon - ok
18:00:35.0765 2168 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:00:35.0765 2168 SENS - ok
18:00:35.0796 2168 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:00:35.0796 2168 serenum - ok
18:00:35.0812 2168 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:00:35.0828 2168 Serial - ok
18:00:35.0875 2168 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
18:00:35.0875 2168 SFAUDIO - ok
18:00:35.0890 2168 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:00:35.0890 2168 Sfloppy - ok
18:00:35.0921 2168 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:00:35.0921 2168 SharedAccess - ok
18:00:35.0937 2168 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:00:35.0937 2168 ShellHWDetection - ok
18:00:35.0953 2168 Simbad - ok
18:00:35.0953 2168 Sparrow - ok
18:00:35.0968 2168 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:00:35.0968 2168 splitter - ok
18:00:35.0984 2168 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
18:00:35.0984 2168 Spooler - ok
18:00:36.0015 2168 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:00:36.0015 2168 sr - ok
18:00:36.0031 2168 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:00:36.0046 2168 srservice - ok
18:00:36.0078 2168 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
18:00:36.0078 2168 Srv - ok
18:00:36.0109 2168 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:00:36.0109 2168 SSDPSRV - ok
18:00:36.0140 2168 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:00:36.0203 2168 StillCam - ok
18:00:36.0218 2168 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:00:36.0234 2168 stisvc - ok
18:00:36.0281 2168 SWAGENT (e7b71cf1bbfe78f68b8dbd9114783c7c) C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
18:00:36.0390 2168 SWAGENT - ok
18:00:36.0421 2168 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:00:36.0421 2168 swenum - ok
18:00:36.0437 2168 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:00:36.0453 2168 swmidi - ok
18:00:36.0453 2168 SwPrv - ok
18:00:36.0453 2168 symc810 - ok
18:00:36.0453 2168 symc8xx - ok
18:00:36.0468 2168 sym_hi - ok
18:00:36.0468 2168 sym_u3 - ok
18:00:36.0500 2168 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:00:36.0515 2168 sysaudio - ok
18:00:36.0531 2168 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:00:36.0546 2168 SysmonLog - ok
18:00:36.0562 2168 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:00:36.0578 2168 TapiSrv - ok
18:00:36.0609 2168 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:00:36.0609 2168 Tcpip - ok
18:00:36.0625 2168 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:00:36.0625 2168 TDPIPE - ok
18:00:36.0640 2168 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:00:36.0640 2168 TDTCP - ok
18:00:36.0640 2168 tdx - ok
18:00:36.0656 2168 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:00:36.0671 2168 TermDD - ok
18:00:36.0687 2168 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:00:36.0687 2168 TermService - ok
18:00:36.0718 2168 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:00:36.0718 2168 Themes - ok
18:00:36.0734 2168 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:00:36.0734 2168 TlntSvr - ok
18:00:36.0750 2168 TosIde - ok
18:00:36.0765 2168 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:00:36.0765 2168 TrkWks - ok
18:00:36.0781 2168 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:00:36.0796 2168 Udfs - ok
18:00:36.0796 2168 ultra - ok
18:00:36.0828 2168 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:00:36.0843 2168 Update - ok
18:00:36.0859 2168 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:00:36.0875 2168 upnphost - ok
18:00:36.0875 2168 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:00:36.0875 2168 UPS - ok
18:00:36.0906 2168 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:00:36.0906 2168 usbccgp - ok
18:00:36.0921 2168 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:00:36.0937 2168 usbehci - ok
18:00:36.0953 2168 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:00:36.0953 2168 usbhub - ok
18:00:36.0984 2168 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:00:37.0000 2168 usbprint - ok
18:00:37.0015 2168 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:00:37.0015 2168 USBSTOR - ok
18:00:37.0046 2168 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:00:37.0046 2168 usbuhci - ok
18:00:37.0156 2168 uvnc_service (d4362345c824d890099844219cede56e) C:\Program Files\UltraVNC\winvnc.exe
18:00:37.0156 2168 uvnc_service - ok
18:00:37.0203 2168 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:00:37.0218 2168 VgaSave - ok
18:00:37.0218 2168 ViaIde - ok
18:00:37.0234 2168 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:00:37.0250 2168 VolSnap - ok
18:00:37.0265 2168 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:00:37.0281 2168 VSS - ok
18:00:37.0312 2168 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:00:37.0328 2168 W32Time - ok
18:00:37.0328 2168 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:00:37.0343 2168 Wanarp - ok
18:00:37.0343 2168 WDICA - ok
18:00:37.0359 2168 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:00:37.0375 2168 wdmaud - ok
18:00:37.0390 2168 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:00:37.0390 2168 WebClient - ok
18:00:37.0421 2168 wfxsvc (efacce8deb789de9a0ec8655ca3075da) C:\WINDOWS\system32\WFXSVC.EXE
18:00:37.0515 2168 wfxsvc - ok
18:00:37.0531 2168 WinDefend - ok
18:00:37.0531 2168 WinHttpAutoProxySvc - ok
18:00:37.0578 2168 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:00:37.0593 2168 winmgmt - ok
18:00:37.0625 2168 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:00:37.0625 2168 WmdmPmSN - ok
18:00:37.0671 2168 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:00:37.0671 2168 Wmi - ok
18:00:37.0687 2168 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:00:37.0687 2168 WmiApSrv - ok
18:00:37.0765 2168 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:00:37.0796 2168 WMPNetworkSvc - ok
18:00:37.0906 2168 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:00:38.0000 2168 WPFFontCache_v0400 - ok
18:00:38.0031 2168 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:00:38.0046 2168 WS2IFSL - ok
18:00:38.0062 2168 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:00:38.0062 2168 wscsvc - ok
18:00:38.0078 2168 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:00:38.0078 2168 wuauserv - ok
18:00:38.0109 2168 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:00:38.0109 2168 WudfPf - ok
18:00:38.0125 2168 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:00:38.0125 2168 WudfRd - ok
18:00:38.0140 2168 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:00:38.0156 2168 WudfSvc - ok
18:00:38.0187 2168 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:00:38.0187 2168 WZCSVC - ok
18:00:38.0203 2168 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:00:38.0218 2168 xmlprov - ok
18:00:38.0234 2168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:00:38.0562 2168 \Device\Harddisk0\DR0 - ok
18:00:38.0562 2168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR6
18:00:40.0968 2168 \Device\Harddisk1\DR6 - ok
18:00:40.0968 2168 Boot (0x1200) (a97a13dc58c55ff7cab23ac0dc1af57c) \Device\Harddisk0\DR0\Partition0
18:00:40.0968 2168 \Device\Harddisk0\DR0\Partition0 - ok
18:00:40.0984 2168 Boot (0x1200) (4f1b88e876e21dc001f250feb3bdc9ce) \Device\Harddisk1\DR6\Partition0
18:00:40.0984 2168 \Device\Harddisk1\DR6\Partition0 - ok
18:00:40.0984 2168 ============================================================
18:00:40.0984 2168 Scan finished
18:00:40.0984 2168 ============================================================
18:00:40.0984 2892 Detected object count: 0
18:00:40.0984 2892 Actual detected object count: 0
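
A scan that ends with "Detected object count: 0" still carries useful data: every registered service and driver with its MD5 and path, plus the MBR and boot-sector hashes. The script below is an added example for this thread, not part of the original post or of TDSSKiller. It parses the two line formats visible in the log above, flags service binaries that live in user-writable locations or outside Windows and Program Files, lists the third-party services to confirm against the build image, and diffs the hashes against a second log from a known-clean machine built from the same ghost image. The `tmpsvc` entry and its Temp-folder path in the sample are constructed so the check has something to find; the remaining sample lines are copied from the log.

```python
"""Triage a Kaspersky TDSSKiller scan log.

Added example for this thread; it is not part of the original post or of
TDSSKiller itself. Assumed: the two line formats visible in the log above
(`time pid Name (md5) path`, then `time pid Name - verdict`) and a Windows XP
directory layout. The `tmpsvc` entry in SAMPLE_LOG is constructed so the
user-writable-path check has something to find; the other sample lines are
copied from the log in the thread.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+"   # "MBR (0x1B8)" keeps its size suffix
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S.*?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

SYSTEM_PREFIXES = ("c:\\windows\\",)
VENDOR_PREFIXES = ("c:\\program files\\",)
# Locations a non-admin user can write to on XP; a service binary there is a red flag.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

SAMPLE_LOG = r"""
18:00:35.0328 2168 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:00:35.0328 2168 RemoteAccess - ok
18:00:35.0953 2168 Simbad - ok
18:00:36.0100 2168 tmpsvc (00000000000000000000000000000000) C:\Documents and Settings\payroll\Local Settings\Temp\svchost.exe
18:00:36.0100 2168 tmpsvc - ok
18:00:37.0156 2168 uvnc_service (d4362345c824d890099844219cede56e) C:\Program Files\UltraVNC\winvnc.exe
18:00:37.0156 2168 uvnc_service - ok
18:00:38.0234 2168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:00:38.0562 2168 \Device\Harddisk0\DR0 - ok
18:00:38.0562 2168 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR6
18:00:40.0968 2168 \Device\Harddisk1\DR6 - ok
18:00:40.0984 2168 Scan finished
18:00:40.0984 2892 Detected object count: 0
"""


def parse_log(text):
    """Map each scanned object to its kind, md5, path and TDSSKiller verdict.

    Services are keyed by service name. MBR and boot-sector objects are keyed
    by device path, because their verdict lines name the path, not the object.
    """
    objects, key_by_path = {}, {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            key = m["path"] if m["name"].startswith(("MBR", "Boot")) else m["name"]
            objects[key] = {"kind": m["name"], "md5": m["md5"], "path": m["path"], "verdict": None}
            key_by_path[m["path"]] = key
            continue
        v = VERDICT_RE.match(line)
        if v:
            key = key_by_path.get(v["name"], v["name"])
            rec = objects.setdefault(key, {"kind": v["name"], "md5": None, "path": None, "verdict": None})
            rec["verdict"] = v["verdict"]
    return objects


def detected_count(text):
    """TDSSKiller's own tally, or None if the log was cut off before the summary."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def triage(objects):
    """Objects worth a human look, with the reason, in log order."""
    findings = []
    for key, rec in objects.items():
        if rec["verdict"] not in (None, "ok"):
            findings.append((key, f"TDSSKiller verdict: {rec['verdict']}"))
        path = (rec["path"] or "").lower()
        if not path or path.startswith("\\device\\"):
            continue  # no file on disk, or an MBR/boot sector: compare those hashes across hosts
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings.append((key, "service binary in a user-writable location"))
        elif not path.startswith(SYSTEM_PREFIXES + VENDOR_PREFIXES):
            findings.append((key, "service binary outside Windows and Program Files"))
    return findings


def vendor_binaries(objects):
    """Third-party services (Program Files) to confirm against the build image."""
    return sorted(k for k, r in objects.items()
                  if (r["path"] or "").lower().startswith(VENDOR_PREFIXES))


def hash_diff(suspect, reference):
    """Objects in the suspect log that are missing from, or hash differently than, a clean host's log."""
    out = {}
    for key, rec in suspect.items():
        if not rec["md5"]:
            continue
        ref_md5 = reference.get(key, {}).get("md5")
        if ref_md5 is None:
            out[key] = "not on reference host"
        elif ref_md5 != rec["md5"]:
            out[key] = "hash differs from reference"
    return out


if __name__ == "__main__":
    objs = parse_log(SAMPLE_LOG)
    print("detected objects:", detected_count(SAMPLE_LOG))
    for key, reason in triage(objs):
        print(f"  {key}: {reason}")
    print("third-party services:", ", ".join(vendor_binaries(objs)))
```

The hash diff is the part that pays off in an office with 200 machines built from one image: run TDSSKiller on a clean box from the same image, feed both logs to `hash_diff`, and the driver or service that differs only on the redirecting PC is where to look first. A service with no file on disk (the "Simbad - ok" style lines) is normal for XP's inbox driver entries and is not flagged.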

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:28 AM

Posted 12 June 2012 - 08:23 PM

OK, If still redirecting>>>
Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


If still redirecting>>>
The problem is actually based in your router.
Open MBAM in normal mode, click the Update tab and select Check for Updates.
Next disconnect your system from the internet and your router, then…
Open MBAM in normal mode, click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE


However, if there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Vector23

Vector23
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:28 AM

Posted 12 June 2012 - 08:43 PM

Thanks for all the help, however the PC's are still redirecting.

As the following is true:

1) The issue occurs on only 2 PCs out of 200 in the office.

2) The firewall is a fully locked-down SonicWall corporate firewall. It is not susceptible to the kind of malware attack that changes the DNS server information in the router, because it does not in any way use the default password (which is how routers are attacked).

3) DNS is handled by internal Windows 2003 DNS servers which forward to OpenDNS server and have zero problem resolving links or browsing to the sites in question.

due to the above:

this is not an issue with DNS or with the "router".

On my PC I can go to Google and run the search string identically to how I run it on the affected PC,

ex: "this friday vs next friday", and run a search.

I click on any of the links and get the result I am looking for.

On the other PC, after flushing the DNS, I click on the same search results and links and 1 time in 4 it goes where it is supposed to; mostly it comes back to the Google front page with no results and asks me if I want to delete google.com from the history, or it goes to yellowise.com.

There is an infection of some type here.

I'll run the Malwarebytes scan again, see if it finds anything and post the results.

~Josh <--MCITP/EA

Edited by Vector23, 12 June 2012 - 08:45 PM.
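
Two settings on the PC itself can redirect a browser even when the site's DNS servers and firewall are healthy: the resolver list on the adapter, and the hosts file. The script below is an added example for this thread, not code from the original posts; it parses constructed samples of the relevant part of `ipconfig /all` output and of a Windows XP hosts file, reports any resolver that is not one of the expected internal servers, and reports every hosts entry other than localhost. The addresses 10.0.0.5 and 10.0.0.6 (standing in for the two Windows 2003 DNS servers), 203.0.113.7, and the hosts lines are made up for the example; EXPECTED_DNS would be replaced with the site's real resolver addresses.

```python
"""Per-PC check for DNS-level tampering: adapter resolvers and the hosts file.

Added example for this thread, not from the original posts. Inputs are
constructed samples in Windows XP format; EXPECTED_DNS and every address
in the samples are assumptions for the example.
"""
import re

EXPECTED_DNS = {"10.0.0.5", "10.0.0.6"}   # assumption: the site's internal DNS servers

IPCONFIG_SAMPLE = """\
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : corp.example
        IP Address. . . . . . . . . . . . : 10.0.1.42
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.1.1
        DHCP Server . . . . . . . . . . . : 10.0.0.5
        DNS Servers . . . . . . . . . . . : 10.0.0.5
                                            203.0.113.7
        Primary WINS Server . . . . . . . : 10.0.0.5
"""

HOSTS_SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.google.com google.com
"""

DNS_LINE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
# Extra resolvers are printed on deeply indented continuation lines (IPv4 only here).
CONT_LINE = re.compile(r"^\s{20,}(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def dns_servers(ipconfig_text):
    """Resolver addresses from `ipconfig /all` output, in the order Windows will try them."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_LINE.match(line)
        if m:
            servers.append(m.group(1))
            in_dns = True
            continue
        c = CONT_LINE.match(line) if in_dns else None
        if c:
            servers.append(c.group(1))
            continue
        in_dns = False
    return servers


def hosts_overrides(hosts_text):
    """{hostname: ip} for every active hosts entry except the localhost line."""
    overrides = {}
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if not (name == "localhost" and ip in ("127.0.0.1", "::1")):
                overrides[name.lower()] = ip
    return overrides


def assess(ipconfig_text, hosts_text, expected=EXPECTED_DNS):
    """Findings that would make 'it is not DNS' an unsafe conclusion for this PC."""
    findings = []
    for ip in dns_servers(ipconfig_text):
        if ip not in expected:
            findings.append(f"unexpected resolver {ip} configured on the adapter")
    for name, ip in hosts_overrides(hosts_text).items():
        findings.append(f"hosts file pins {name} to {ip}")
    return findings


if __name__ == "__main__":
    for finding in assess(IPCONFIG_SAMPLE, HOSTS_SAMPLE) or ["no DNS-level tampering found"]:
        print(finding)
```

On a real machine the two inputs come from `ipconfig /all` and `%SystemRoot%\system32\drivers\etc\hosts`. An empty result rules out these two mechanisms only; a redirect that survives it is happening somewhere else on the PC (for example in a proxy or Winsock setting, or in the browser) and needs the deeper log analysis.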


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,537 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:01:28 AM

Posted 12 June 2012 - 08:53 PM

OK, we can find this, but we will need a DDS log analysis.

We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in a new topic, as explained in step 9, here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
