Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Google redirects

Post by princessgeek » April 14th, 2011, 11:59 pm

Kids are on spring break and download goodness knows what. *sigh* I'm getting lots of redirects and often it is ads but I've seen allgive.com pop up a few times. Anyway, please help! :D Here's the DDS and Attach files.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Brenden Young at 19:31:18.56 on Thu 04/14/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1034 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Brenden Young\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brenden Young\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Brenden Young\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Brenden Young\My Documents\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/home?AF=17708
uSearch Page =
uSearch Bar =
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.alienware.com/Mothership?Com ... 3931363841
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {348FE907-249E-4C65-A838-F34A193FE1D1} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [RemoteCenter] c:\program files\creative\mediasource\remotecontrol\RCMan.EXE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\brenden young\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [CTDVDDET] c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SBDrvDet] c:\program files\creative\sb drive det\SBDrvDet.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\brende~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-552 reva\wirelesscm.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 9077742718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\brende~1\applic~1\mozilla\firefox\profiles\4w0jd0d8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\brenden young\application data\mozilla\firefox\profiles\4w0jd0d8.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\documents and settings\brenden young\local settings\application data\google\chrome\user data\default\extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.150_0\npsoe.dll
FF - plugin: c:\documents and settings\brenden young\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
.
============= SERVICES / DRIVERS ===============
.
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-4-28 77312]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl052ceb61;MpKsl052ceb61;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl052ceb61.sys [2011-4-13 28752]
R1 MpKsl38c95b11;MpKsl38c95b11;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl38c95b11.sys [2011-4-14 28752]
R1 MpKsl5473a0ad;MpKsl5473a0ad;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl5473a0ad.sys [2011-4-14 28752]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-12-16 130376]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-12-16 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-12-16 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-12-16 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-12-16 113096]
R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-11-4 20480]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2003-9-2 44032]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2010-11-4 57440]
S2 CloudAvUpdater;CloudAvUpdater;c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5.tmp\setup.exe [2011-4-14 739136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-9 136176]
S2 WLSVC;WLSVC;c:\program files\d-link\dwa-552 reva\WLSVC.exe [2010-11-4 167936]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2010-11-4 356433]
S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]
.
=============== Created Last 30 ================
.
2011-04-15 00:09:57 72 ----a-w- c:\windows\RAVTC.TMP
2011-04-15 00:09:54 739136 ----a-w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\pan5.tmp\setup.exe
2011-04-15 00:09:53 -------- d-----w- c:\windows\system32\grouppolicy\machine\scripts\shutdown\Pan5.tmp
2011-04-15 00:09:34 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl38c95b11.sys
2011-04-14 13:14:45 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl5473a0ad.sys
2011-04-14 04:03:40 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\MpKsl052ceb61.sys
2011-04-12 14:49:50 -------- d-----w- c:\windows\system32\GroupPolicy
2011-04-11 14:49:41 -------- d-----w- c:\docume~1\brende~1\applic~1\Panda Security
2011-04-11 14:48:41 -------- d-----w- c:\program files\Panda Security
2011-04-11 14:48:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2011-04-11 14:47:07 428352 ----a-w- c:\program files\mozilla firefox\StubInstaller.exe
2011-04-09 04:18:41 -------- d-----w- c:\docume~1\brende~1\applic~1\Malwarebytes
2011-04-09 04:18:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 04:18:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-09 04:18:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 04:18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 03:54:13 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{59f611ba-0a34-4ae7-8b77-2994fc21f8d1}\mpengine.dll
2011-04-09 03:54:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-09 03:49:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-09 01:15:50 -------- d-----w- c:\docume~1\brende~1\applic~1\.clamwin
2011-04-09 01:15:40 -------- d-----w- c:\program files\ClamWin
2011-04-09 01:15:40 -------- d-----w- c:\documents and settings\all users\.clamwin
2011-04-09 01:07:38 -------- d-----w- c:\docume~1\brende~1\applic~1\BabylonToolbar
2011-04-08 21:55:55 -------- d-----w- c:\program files\GEMP Loader
2011-04-08 21:49:28 53248 ------w- c:\windows\system32\RemFarStone.exe
2011-04-06 20:34:23 -------- d-----w- c:\program files\SweetIM
2011-04-05 23:48:52 -------- d-----w- c:\program files\Cave Story Deluxe
2011-04-04 20:00:16 -------- d-----w- c:\program files\common files\Symantec Shared
2011-04-04 20:00:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2011-04-04 20:00:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2011-04-04 17:01:22 -------- d-----w- c:\windows\ie8updates
2011-04-04 17:00:30 -------- dc-h--w- c:\windows\ie8
2011-04-04 16:52:58 55296 ------w- c:\windows\system32\SETA46.tmp
2011-04-04 16:52:57 1991680 ------w- c:\windows\system32\SETA4B.tmp
2011-04-04 16:52:56 916480 ------w- c:\windows\system32\SETA40.tmp
2011-04-04 16:52:56 602112 ------w- c:\windows\system32\SETA47.tmp
2011-04-04 16:52:56 5961216 ------w- c:\windows\system32\SETA45.tmp
2011-04-04 16:52:56 1210880 ------w- c:\windows\system32\SETA41.tmp
2011-04-04 16:52:31 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-04 16:52:30 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-04 16:52:29 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-04 16:52:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-04 16:51:50 -------- d-----w- c:\docume~1\brende~1\locals~1\applic~1\OpenCandy
2011-04-04 16:51:48 -------- d-----w- c:\docume~1\brende~1\applic~1\OpenCandy
2011-04-02 16:59:18 -------- d-----w- c:\documents and settings\brenden young\dwhelper
2011-04-01 16:02:24 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-04-01 16:02:01 -------- d-----w- c:\docume~1\brende~1\applic~1\DAEMON Tools Lite
2011-04-01 16:02:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2011-04-01 15:43:45 -------- d-----w- c:\program files\PowerISO
2011-04-01 15:28:09 2829 ----a-w- c:\windows\DIIUnin.pif
2011-04-01 15:28:08 94208 ----a-w- c:\windows\DIIUnin.exe
2011-04-01 15:21:52 -------- d-----w- C:\Diablo II
2011-03-18 17:04:24 -------- d-----w- c:\program files\Folding@home
2011-03-18 17:04:24 -------- d-----w- c:\docume~1\brende~1\applic~1\Folding@home-x86
2011-03-18 05:29:05 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2011-03-18 05:19:13 -------- d-----w- c:\program files\Pocket Tanks
2011-03-18 02:02:05 -------- d-----w- c:\documents and settings\brenden young\.thumbnails
2011-03-18 02:01:02 -------- d-----w- c:\documents and settings\brenden young\.gimp-2.6
2011-03-18 02:00:38 -------- d-----w- c:\program files\GIMP-2.0
2011-03-18 01:55:52 -------- d-----w- c:\docume~1\brende~1\applic~1\Avery
2011-03-18 01:49:14 -------- d-----w- c:\program files\Avery Dennison
.
==================== Find3M ====================
.
2011-04-01 16:28:53 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-04-01 16:28:53 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-04-01 16:28:53 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-03-13 06:48:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-03 17:24:57 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-03 17:22:51 1 ----a-w- c:\windows\system32\SI.bin
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 13:31:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 13:31:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: VIA_SATA rev.____ -> Harddisk0\DR0 -> \Device\Scsi\viasraid1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A533439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a5397d0]; MOV EAX, [0x8a53984c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8A640AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8A4E2F18]
\Driver\viasraid[0x8A615030] -> IRP_MJ_CREATE -> 0x8A533439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\viasraid1Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_VIA_SATA&Prod__RAID_0&Rev_#4&241f14ef&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:32:58.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/31/2004 11:38:39 PM
System Uptime: 4/14/2011 5:08:56 PM (2 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | AV8 (VIA K8T800P-8237)
Processor: AMD Hammer Family processor - Model Unknown | Socket 939 | 2204/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 513.296 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_1415147B&REV_60\3&13C0B0C5&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_1415147B&REV_60\3&13C0B0C5&0&8D
Service:
.
==== System Restore Points ===================
.
RP103: 1/15/2011 7:19:21 AM - System Checkpoint
RP104: 1/16/2011 7:21:49 AM - System Checkpoint
RP105: 1/17/2011 12:26:21 PM - System Checkpoint
RP106: 1/18/2011 12:48:52 PM - System Checkpoint
RP107: 1/19/2011 4:27:49 PM - System Checkpoint
RP108: 1/20/2011 8:15:58 AM - Installed DirectX
RP109: 1/21/2011 8:45:29 AM - System Checkpoint
RP110: 1/22/2011 10:33:45 AM - System Checkpoint
RP111: 1/23/2011 11:12:04 AM - System Checkpoint
RP112: 1/24/2011 11:44:23 AM - System Checkpoint
RP113: 1/25/2011 5:08:45 PM - System Checkpoint
RP114: 1/26/2011 7:25:20 PM - System Checkpoint
RP115: 1/28/2011 8:31:34 AM - System Checkpoint
RP116: 1/29/2011 2:08:30 PM - System Checkpoint
RP117: 1/30/2011 2:43:28 PM - System Checkpoint
RP118: 1/31/2011 9:40:21 PM - System Checkpoint
RP119: 2/1/2011 10:06:04 PM - System Checkpoint
RP120: 2/2/2011 10:06:43 PM - System Checkpoint
RP121: 2/3/2011 9:23:12 AM - Installed Heroes of Might and Magic V
RP122: 2/4/2011 10:04:37 AM - System Checkpoint
RP123: 2/5/2011 1:44:27 PM - System Checkpoint
RP124: 2/6/2011 2:00:10 PM - System Checkpoint
RP125: 2/7/2011 2:58:10 PM - System Checkpoint
RP126: 2/8/2011 3:56:00 PM - System Checkpoint
RP127: 2/9/2011 4:49:03 PM - System Checkpoint
RP128: 2/10/2011 8:47:54 PM - System Checkpoint
RP129: 2/10/2011 10:02:09 PM - Installed calibre
RP130: 2/11/2011 10:36:03 PM - System Checkpoint
RP131: 2/12/2011 11:36:03 PM - System Checkpoint
RP132: 2/14/2011 8:36:18 AM - System Checkpoint
RP133: 2/15/2011 1:30:18 PM - System Checkpoint
RP134: 2/16/2011 2:05:03 PM - System Checkpoint
RP135: 2/16/2011 4:51:09 PM - Installed Redshark 3.90
RP136: 2/17/2011 9:51:16 PM - System Checkpoint
RP137: 2/18/2011 11:15:55 AM - Installed Windows XP Wdf01007.
RP138: 2/19/2011 3:02:57 PM - System Checkpoint
RP139: 2/20/2011 5:52:17 PM - System Checkpoint
RP140: 2/21/2011 6:16:23 PM - System Checkpoint
RP141: 2/22/2011 10:51:44 PM - System Checkpoint
RP142: 2/23/2011 11:28:23 PM - System Checkpoint
RP143: 2/25/2011 2:33:02 AM - System Checkpoint
RP144: 2/26/2011 3:16:23 AM - System Checkpoint
RP145: 2/27/2011 4:16:23 AM - System Checkpoint
RP146: 2/28/2011 5:16:23 AM - System Checkpoint
RP147: 3/1/2011 8:05:35 AM - System Checkpoint
RP148: 3/2/2011 8:47:51 AM - System Checkpoint
RP149: 3/3/2011 9:47:51 AM - System Checkpoint
RP150: 3/4/2011 10:47:51 AM - System Checkpoint
RP151: 3/5/2011 10:55:03 AM - System Checkpoint
RP152: 3/6/2011 12:51:07 PM - System Checkpoint
RP153: 3/7/2011 1:47:34 PM - System Checkpoint
RP154: 3/8/2011 2:47:34 PM - System Checkpoint
RP155: 3/9/2011 3:20:19 PM - System Checkpoint
RP156: 3/10/2011 4:20:18 PM - System Checkpoint
RP157: 3/11/2011 5:45:19 PM - System Checkpoint
RP158: 3/12/2011 7:09:29 PM - System Checkpoint
RP159: 3/13/2011 8:54:33 PM - System Checkpoint
RP160: 3/14/2011 10:38:48 PM - System Checkpoint
RP161: 3/15/2011 11:30:41 PM - System Checkpoint
RP162: 3/17/2011 12:30:41 AM - System Checkpoint
RP163: 3/17/2011 6:48:58 PM - Installed DesignPro 5
RP164: 3/18/2011 10:04:24 AM - Installed Folding@home-x86
RP165: 3/19/2011 1:12:52 PM - System Checkpoint
RP166: 3/20/2011 1:47:36 PM - System Checkpoint
RP167: 3/22/2011 8:01:07 AM - System Checkpoint
RP168: 3/23/2011 8:19:01 PM - System Checkpoint
RP169: 3/24/2011 9:45:54 PM - System Checkpoint
RP170: 3/25/2011 10:29:56 PM - System Checkpoint
RP171: 3/26/2011 11:57:45 PM - System Checkpoint
RP172: 3/28/2011 8:06:38 AM - System Checkpoint
RP173: 3/30/2011 8:13:25 AM - System Checkpoint
RP174: 3/31/2011 9:51:37 PM - System Checkpoint
RP175: 4/2/2011 10:36:23 AM - System Checkpoint
RP176: 4/3/2011 1:51:14 PM - System Checkpoint
RP177: 4/4/2011 9:53:24 AM - Software Distribution Service 3.0
RP178: 4/4/2011 10:00:43 AM - Installed Windows Internet Explorer 8.
RP179: 4/4/2011 10:01:14 AM - Software Distribution Service 3.0
RP180: 4/5/2011 1:33:44 PM - System Checkpoint
RP181: 4/6/2011 4:58:02 PM - System Checkpoint
RP182: 4/7/2011 8:08:04 PM - System Checkpoint
RP183: 4/8/2011 6:13:03 PM - Removed SweetIM Toolbar for Internet Explorer 4.0
RP184: 4/8/2011 6:13:39 PM - Removed SweetIM for Messenger 3.3
RP185: 4/9/2011 7:52:43 PM - System Checkpoint
RP186: 4/11/2011 6:38:48 AM - System Checkpoint
RP187: 4/12/2011 8:10:56 AM - System Checkpoint
RP188: 4/13/2011 9:42:02 PM - System Checkpoint
RP189: 4/14/2011 5:18:36 PM - Installed Java(TM) 6 Update 24
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
Audacity 1.2.6
Bejeweled 2
Bejeweled 3
Bonjour
Bookworm Adventures Vol. 2
Bullzip PDF Printer 4.0.0.463
calibre
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Cave Story Deluxe
CDBurnerXP
Champions Online
Character Builder
ClamWin Free Antivirus 0.97
CloneCD
Creative MediaSource
Creative System Information
DesignPro 5
Diablo II
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.00.802
DWA-552
Folding@home-x86
Free RAR Extract Frog
GIMP 2.6.11
Google Chrome
Google Earth Plug-in
Google Update Helper
GPL Ghostscript Lite 8.70
Harmony Assistant
Hero Lab V3.6g
Heroes of Might and Magic V Collector Edition
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
hp LaserJet 1010 Series
InCD
Insaniquarium Deluxe 1.0
ips XP 1.11.2600
iTunes
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.3 for Audacity
Magic The Gathering Tactics
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.7)
Neo Steam : The Shattered Continent
Nero Digital
Nero OEM
NeroVision Express Content
NoteWorthy Composer 2
NVIDIA Drivers
OverDrive Media Console
Panda Cloud Antivirus
Pando Media Booster
PDFtoMusic Pro
PFConfig 1.0.296
Pocket Tanks Deluxe v1.3 By Argogo
Pocket Tanks v1.3
PowerDVD
PowerISO
QuickTime
Redshark 3.90
Safari
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Simple Port Forwarding
Sound Blaster Audigy 2 ZS
Station Launcher
Theme Manager
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VLC media player 0.9.8a
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR 4.00 beta 7 (32-bit)
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
4/14/2011 6:25:16 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.1106.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
4/13/2011 7:39:19 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/13/2011 5:59:45 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001E582BF0CA. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================
princessgeek
Active Member
 
Posts: 4
Joined: April 14th, 2011, 10:20 pm

Re: Google redirects

Post by deltalima » April 15th, 2011, 7:43 am

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirects

Post by deltalima » April 15th, 2011, 7:49 am

Hi princessgeek,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirects

Post by princessgeek » April 15th, 2011, 9:29 pm

Here it is, thanks!

2011/04/15 18:20:44.0234 2720 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 18:20:44.0609 2720 ================================================================================
2011/04/15 18:20:44.0609 2720 SystemInfo:
2011/04/15 18:20:44.0609 2720
2011/04/15 18:20:44.0609 2720 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/15 18:20:44.0609 2720 Product type: Workstation
2011/04/15 18:20:44.0609 2720 ComputerName: BIGRED
2011/04/15 18:20:44.0609 2720 UserName: Brenden Young
2011/04/15 18:20:44.0609 2720 Windows directory: C:\WINDOWS
2011/04/15 18:20:44.0609 2720 System windows directory: C:\WINDOWS
2011/04/15 18:20:44.0609 2720 Processor architecture: Intel x86
2011/04/15 18:20:44.0609 2720 Number of processors: 1
2011/04/15 18:20:44.0609 2720 Page size: 0x1000
2011/04/15 18:20:44.0609 2720 Boot type: Normal boot
2011/04/15 18:20:44.0609 2720 ================================================================================
2011/04/15 18:20:45.0265 2720 Initialize success
2011/04/15 18:20:48.0765 3072 ================================================================================
2011/04/15 18:20:48.0765 3072 Scan started
2011/04/15 18:20:48.0765 3072 Mode: Manual;
2011/04/15 18:20:48.0765 3072 ================================================================================
2011/04/15 18:21:10.0906 3072 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/15 18:21:10.0906 3072 ================================================================================
2011/04/15 18:21:10.0906 3072 Scan finished
2011/04/15 18:21:10.0906 3072 ================================================================================
2011/04/15 18:21:10.0984 2648 Detected object count: 1
2011/04/15 18:21:22.0234 2648 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/15 18:21:22.0234 2648 \HardDisk0 - ok
2011/04/15 18:21:22.0234 2648 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/15 18:21:26.0156 3268 Deinitialize success
princessgeek
Active Member
 
Posts: 4
Joined: April 14th, 2011, 10:20 pm
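
An added example, not part of the original thread and not code from TDSSKiller or this forum: a small Python triage script for a log in the line format posted above. The sample lines are constructed (driver names and hashes are placeholders), and the regular expressions are assumptions inferred from the visible lines rather than a documented format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the posted line format: "<date> <time> <thread id> <message>".
# Driver names and hashes are placeholders, not values from a real system.
SAMPLE_LOG = r"""
2011/04/15 18:20:44.0234 2720 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 18:20:44.0609 2720
2011/04/15 18:20:44.0609 2720 Boot type: Normal boot
2011/04/15 18:20:48.0765 3072 Scan started
2011/04/15 18:20:49.0328 3072 ExampleDrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\example.sys
2011/04/15 18:20:49.0468 3072 ExampleTwo (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\example2.sys
2011/04/15 18:21:10.0906 3072 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/15 18:21:10.0906 3072 Scan finished
2011/04/15 18:21:10.0984 2648 Detected object count: 1
2011/04/15 18:21:22.0234 2648 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/15 18:21:22.0234 2648 \HardDisk0 - ok
2011/04/15 18:21:22.0234 2648 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/15 18:21:26.0156 3268 Deinitialize success
"""

# Patterns inferred from the visible log lines (assumptions, not a published spec).
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}) (\d+)(?: (.*))?$")
TOOL = re.compile(r"^TDSS rootkit removing tool (\S+)")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+?) \(([^)]+)\) - will be cured after reboot$")
ACTION = re.compile(r"^([^(\s]+)\((.+?)\) - User select action: (\w+)$")


@dataclass
class ScanSummary:
    tool_version: str = ""
    drivers_scanned: int = 0
    detections: list = field(default_factory=list)    # (object, threat) pairs
    declared_count: int = -1                           # -1 means the count line is missing
    actions: dict = field(default_factory=dict)        # (object, threat) -> chosen action
    pending_reboot: set = field(default_factory=set)   # (object, threat) pairs
    unparsed: int = 0                                  # lines without timestamp/thread prefix


def parse_log(text):
    """Reduce a log to the fields a helper reads first: detections and actions."""
    s = ScanSummary()
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE.match(raw)
        if not m:
            s.unparsed += 1
            continue
        msg = m.group(3) or ""
        if (t := TOOL.match(msg)):
            s.tool_version = t.group(1)
        elif DRIVER.match(msg):
            s.drivers_scanned += 1
        elif (d := DETECTED.match(msg)):
            s.detections.append((d.group(1), d.group(2)))
        elif (c := COUNT.match(msg)):
            s.declared_count = int(c.group(1))
        elif (p := PENDING.match(msg)):
            s.pending_reboot.add((p.group(1), p.group(2)))
        elif (a := ACTION.match(msg)):
            s.actions[(a.group(2), a.group(1))] = a.group(3)
    return s


def triage(s):
    """Return one note per detection, plus a warning if the log looks incomplete."""
    notes = []
    if s.declared_count != len(s.detections):
        notes.append("detection count mismatch: log may be truncated or edited")
    for det in s.detections:
        obj, threat = det
        action = s.actions.get(det)
        if action is None:
            notes.append(f"{threat} on {obj}: no action recorded")
        elif det in s.pending_reboot:
            notes.append(f"{threat} on {obj}: {action} pending reboot, rescan to confirm")
        else:
            notes.append(f"{threat} on {obj}: {action} applied")
    return notes
```

A "pending reboot" note means the log only records the intent to cure, so a follow-up scan after the restart is what confirms the result.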

Re: Google redirects

Post by deltalima » April 16th, 2011, 2:58 am

Hi princessgeek,

Please run a quick scan with Malwarebytes and post the log in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirects

Post by princessgeek » April 18th, 2011, 1:02 pm

It was running great, no redirects and then my husband decided he wanted to "fix" something (even though I had asked him not to mess with it) and now I can't even boot the machine. So sorry to have wasted your time. Going to re-install Windows and stuff. Assuming I can even do that. Thanks anyway!
princessgeek
Active Member
 
Posts: 4
Joined: April 14th, 2011, 10:20 pm

Re: Google redirects

Post by deltalima » April 18th, 2011, 1:36 pm

Hi princessgeek,

Sorry to hear about the machine not booting, I hope you manage to re-install Windows.

I will have this thread archived now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirects

Post by Cypher » April 18th, 2011, 1:43 pm

As this issue will be resolved with a reformat, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site,
please read
Donations For Malware Removal
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns