Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware virus affecting search engines. being redirected

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 12th, 2011, 5:34 pm

Hello -

As the title implies our main house computer has caught quite the little bug that I'm having trouble getting rid of. I'm not an expert on computers so I will tell you the steps I have taken and will include the Hijackthis log.

Google - bing - yahoo - all search engines are redirecting me or saying "Access to Proxy requires some authentication"

If i have a bookmark or know an exact address i can goto these sights without a problem.

Computer running windows 7.

I have a fully functional up to date VP running (MCafee)

I have run multiple programs doing quick and full system scans.

- AD-Aware
- MalwareBytes
- CCleaner
- As well as my own VP

I was just wondering if someone can take a look at the log with trained eyes and be able to see my potential problem.

Thanks in advanced!
-MattEM99

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Matt at 17:27:34.06 on Thu 05/12/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2656 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matt\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110320222848.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin

\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TROJAN~1.LNK - C:\Program Files (x86)\Trojan Guarder\Trojan Guarder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104001750.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\aoufufqu.default\
FF - prefs.js: browser.startup.homepage - bing.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-

ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player

\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-9-27 69152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-3-17 529128]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-17 55856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-3-24 25312]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-9-4 75032]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-4 283360]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-17 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 2146496]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-4 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-4 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-4 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-4 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-4 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-4 149032]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-3-24 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-4 62800]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-17 317480]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17152]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-3-17 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-4 441328]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-3-28 155752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18

130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-

18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp

\DX9\SessionLauncher.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-10-25 20552]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2010-3-17 41032]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-4 94864]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-3-17 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-3-17 49480]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-12-27 16392]
S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-11 22:27:33 -------- d-----w- C:\Users\Matt\AppData\Local\{0AE0A3E8-9DB4-42DE-87E9-1045CE8A436D}
2011-05-11 22:02:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-11 22:02:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-11 22:02:02 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-11 22:02:02 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-11 01:57:51 -------- d-----w- C:\Users\Matt\AppData\Local\{E4B25593-5FBF-4AE5-8FD9-0C62A0B15FBD}
2011-05-11 01:37:46 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 01:37:45 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 01:37:45 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 01:37:42 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 01:37:42 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 01:37:42 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 01:37:42 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 01:37:41 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 01:37:41 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 01:37:41 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 01:26:21 388096 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-

12FCBA4883D7}\HiJackThis.exe
2011-05-11 01:26:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-11 00:23:10 -------- d-----w- C:\Users\Matt\AppData\Local\{58941AF2-95C4-4946-BC29-B6D14C67063C}
2011-05-10 23:49:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-10 23:49:51 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-05-10 23:34:20 -------- d-----w- C:\Users\Matt\AppData\Local\{40F3CFE0-37C5-4740-A06F-3AF95F459973}
2011-05-10 23:25:12 -------- d-----w- C:\Program Files (x86)\Trojan Guarder
2011-05-10 23:24:24 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-05-10 23:24:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-10 23:24:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-10 23:24:14 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-10 23:24:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-07 06:05:19 -------- d-----w- C:\Users\Matt\AppData\Local\{50633B33-BD1A-4880-B7DA-B25700079889}
2011-05-06 07:34:07 -------- d-----w- C:\Users\Matt\AppData\Local\{E20CAAE3-C119-4188-B0C9-B2D9D4354908}
2011-05-06 03:04:10 -------- d-----w- C:\Users\Matt\AppData\Local\{1307135B-4CEA-4C63-B784-C494B48C5A71}
2011-05-06 02:44:07 -------- d-----w- C:\Users\Matt\AppData\Local\{DD8858DD-9B4E-495B-A5F3-540393E9D42A}
2011-05-06 02:08:46 -------- d-----w- C:\Users\Matt\AppData\Local\{6D4C6878-B666-40A6-8C99-1E4E8B60F14D}
2011-05-05 11:01:25 -------- d-----w- C:\Users\Matt\AppData\Local\{4AEA7AF1-B175-40ED-AEE5-BF2544A2EE20}
2011-05-03 19:21:54 -------- d-----w- C:\Users\Matt\AppData\Local\{7418A542-6A76-42C9-B966-3390242BAA12}
2011-05-02 16:57:37 -------- d-----w- C:\Users\Matt\AppData\Local\{FCBF62FF-9B98-4892-A742-779EC74C2A47}
2011-04-30 12:24:15 -------- d-----w- C:\Users\Matt\AppData\Local\{206B9B80-89A1-4431-9216-319C49350531}
2011-04-27 12:07:34 -------- d-----w- C:\Users\Matt\AppData\Local\{50E49791-DC25-4AE4-B84F-9ECE571C196E}
2011-04-24 14:40:58 -------- d-----w- C:\Users\Matt\AppData\Local\{F972312D-BEF2-4359-8D61-9AD7495B6910}
2011-04-23 16:18:42 -------- d-----w- C:\Users\Matt\AppData\Local\{45B7F1B5-E3AB-40A4-B156-2D7CA3131FA0}
2011-04-19 20:17:46 -------- d-----w- C:\Users\Matt\AppData\Roaming\TS3Client
2011-04-19 20:17:35 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2011-04-18 12:31:06 -------- d-----w- C:\Users\Matt\AppData\Local\{F15D883B-F911-4D42-A2FB-7AC49CD0CBA2}
2011-04-17 19:23:51 -------- d-----w- C:\Users\Matt\AppData\Local\{0D3CE344-BD17-4AB4-A874-72BC6F012A3B}
2011-04-16 15:48:36 -------- d-----w- C:\Users\Matt\AppData\Local\{51BF331E-1E41-4796-B736-BAAF3911B0F4}
2011-04-15 15:55:57 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-04-14 15:02:49 -------- d-----w- C:\Users\Matt\AppData\Local\{1F7511B4-3EA2-4C0E-98A6-D52DD0D7619C}
2011-04-13 15:33:38 -------- d-----w- C:\Users\Matt\AppData\Local\{F616500B-AD52-4AA1-99E0-0EFE38E8EA4E}
2011-04-13 14:11:05 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-13 14:11:05 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-04-14 09:07:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-13 20:28:31 1 ----a-w- C:\Windows\SysWow64\SI.bin
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 20:34:30 94208 ----a-w- C:\Windows\DIIUnin.exe
2011-03-02 20:34:30 2829 ----a-w- C:\Windows\DIIUnin.pif
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
.
============= FINISH: 17:28:21.07 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/24/2010 11:00:20 AM
System Uptime: 5/12/2011 9:30:23 AM (8 hours ago)
.
Motherboard: Dell Inc. | | 0X231R
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 209.019 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP147: 5/3/2011 4:05:02 PM - Installed Java(TM) 6 Update 25
RP148: 5/5/2011 10:56:52 PM - Restore Operation
RP149: 5/6/2011 3:00:13 AM - Windows Update
RP150: 5/6/2011 8:27:17 AM - Installed Java(TM) 6 Update 25
RP151: 5/10/2011 9:25:44 PM - Installed HiJackThis
RP152: 5/10/2011 9:47:39 PM - Windows Update
RP153: 5/11/2011 6:02:09 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.1.2
Alien Swarm
Apple Application Support
Apple Software Update
Blender (remove only)
BTGuard 2.2
Cities XL 2011
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Counter-Strike: Source
Curse Client
D3DX10
Dead Space™ 2
Dell DataSafe Online
Dell Getting Started Guide
Diablo II
DirectXInstallService
DivX Setup
Dragon Age: Origins
Dropbox
Dual-Core Optimizer
EMC 10 Content
Fallout Mod Manager 0.13.21
Fallout: New Vegas
GameSpy Arcade
GIMP 2.6.11
GmoteServer
Google SketchUp 8
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Heroes of Might and Magic V Collector Edition
HiJackThis
Hulu Desktop
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Just Cause 2
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox (3.6.17)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Netflix in Windows Media Center
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Pando Media Booster
PowerDVD DX
Python 2.6.5
QuickTime
Realtek High Definition Audio Driver
Rome - Total War(TM)
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
RssBandit
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SimCity 4 Deluxe
Skype Toolbars
Skype™ 5.0
Sonic CinePlayer Decoder Pack
Splashup Light
SPORE™
Spybot - Search & Destroy
Star Trek DAC
Star Wars: The Force Unleashed 2
Steam
System Requirements Lab
Team Fortress 2
The Sims™ 3
Tomb Raider: Anniversary 1.0
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
ToZ - Pandemonium 2.1
TrackMania Nations Forever
Trojan Guarder 6.92
TuneUp Companion 1.9.0
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
World of Warcraft
Xtranormal State
Xtranormal State - Showpak-Playgoz-Preview
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 9:41:26 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the

interface with IP address 192.168.1.114. The computer with the IP address 192.168.1.105 did not allow the

name to be claimed by this computer.
5/6/2011 8:19:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds)

while waiting for the Steam Client Service service to connect.
5/6/2011 8:19:10 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to

start due to the following error: The service did not respond to the start or control request in a timely

fashion.
5/5/2011 6:26:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on

the Network Location Awareness service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:23:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-

9788B51C9F06}
5/5/2011 6:23:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-

1604DA9B4F40}
5/5/2011 6:20:26 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends

on the Function Discovery Provider Host service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:20:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-

505054503030}
5/5/2011 6:20:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-

5C22C517CE39}
5/5/2011 6:20:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting

to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-

001185AD2B89}
5/5/2011 6:20:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting

to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-

00805FC1270E}
5/5/2011 6:20:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-

00C04FB926AF}
5/5/2011 6:20:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-

A407-50B198B896DC}
5/5/2011 6:18:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start

driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss

spldr Tcpip tdx VWiFiFlt Wanarpv6 WfpLwf
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the

Network Store Interface Service service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service

depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A

device attached to the system is not functioning.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine

service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the

following error: A device attached to the system is not functioning.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends

on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

The dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends

on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:

The dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The Network Location Awareness service

depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A

device attached to the system is not functioning.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The Network Connections service depends on

the Network Store Interface Service service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service

depends on the Function Discovery Provider Host service which failed to start because of the following

error: The dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee

Validation Trust Protection Service service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection

Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following

error: A device attached to the system is not functioning.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on

the McAfee Firewall Core Service service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service

depends on the Windows Firewall service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service

depends on the McAfee Validation Trust Protection Service service which failed to start because of the

following error: The dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends

on the McAfee Firewall Core Service service which failed to start because of the following error: The

dependency service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network

Store Interface Service service which failed to start because of the following error: The dependency

service or group failed to start.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the

TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to

the system is not functioning.
5/5/2011 6:18:26 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on

the TCP/IP Protocol Driver service which failed to start because of the following error: A device

attached to the system is not functioning.
5/5/2011 6:18:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting

to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-

AB610816828B}
5/5/2011 6:18:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on

the Ancillary Function Driver for Winsock service which failed to start because of the following error: A

device attached to the system is not functioning.
5/5/2011 6:18:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service

depends on the NSI proxy service driver. service which failed to start because of the following error: A

device attached to the system is not functioning.
5/5/2011 6:18:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO

Legacy TDI Support Driver service which failed to start because of the following error: A device attached

to the system is not functioning.
5/5/2011 6:18:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the

Ancillary Function Driver for Winsock service which failed to start because of the following error: A

device attached to the system is not functioning.
5/5/2011 11:03:55 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated

with service-specific error %%-2147023143.
5/5/2011 11:02:29 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated

with service-specific error Access is denied..
5/12/2011 9:31:28 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled

itself on IP address 192.168.1.114, since the IP address is outside the 192.168.137.0/255.255.255.0 scope

from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,

change the scope to include the IP address, or change the IP address to fall within the scope.
5/12/2011 9:30:43 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start

due to the following error: The system cannot find the file specified.
5/12/2011 5:27:24 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable

to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the

memory manager has encountered an internal error.
5/11/2011 6:10:23 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm
Advertisement
Register to Remove

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 14th, 2011, 6:26 pm

Checking your logs, will return soon with instructions.
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 14th, 2011, 6:46 pm

Hello mattem99 ... Welcome to the forum.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient.

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
  7. Failure to respond for 3 days, will result in your topic being closed.
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
Malware removal:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.

µTorrent
Vuze


As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assitance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    µTorrent
    Ad-Aware <<--------------------------- Can be reinstalled after we're done
    Spybot - Search & Destroy <<---- Can be reinstalled after we're done
    Vuze
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Continue only if you have removed the requested programs.

Step 3.
CKScanner
Please download CKScanner ... Save it to your desktop.
Make sure that CKScanner.exe is on the your desktop before running the application!
  1. Double-click on the CKScanner.exe icon... then click the Search For Files button.
    Vista-W7 users, you must right click the (CKScanner.exe) icon and choose "Run As Administrator", then click the "Search For Files" button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.

Step 4.
TDSSKiller - Rootkit Removal Tool
If needed, a tutorial with screen shots, available here.

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected...
  5. Click Continue > Reboot now to finish the cleaning process. <-Important!!!
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. All P2P programs removed?
  3. CKScanner - ckfiles.txt file contents
  4. TDSSKiler log file contents.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 15th, 2011, 11:53 am

Wingman,

First off, thanks a million for taking the time to help me.

1. No problems executing the instructions.
2. all P2P removed
3. CKSanner

CKScanner - Additional Security Risks - These are not necessarily bad
c:\btguard\civ5 skidrow crack only.rar.torrent
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack1.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack2.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack3.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack4.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack5.dds
c:\program files (x86)\steam\steamapps\common\fallout new vegas\data\textures\pnx\hud\visor\crack6.dds
c:\users\matt\desktop\mods\textures\pnx\hud\visor\crack1.dds
c:\users\matt\desktop\mods\textures\pnx\hud\visor\crack2.dds
c:\users\matt\desktop\mods\textures\pnx\hud\visor\crack3.dds
c:\users\matt\desktop\mods\textures\pnx\hud\visor\crack4.dds
c:\users\matt\desktop\mods\textures\pnx\hud\visor\crack5.dds
c:\users\matt\desktop\mods\textures\pnx\hud\visor\crack6.dds
c:\users\matt\downloads\civ5 skidrow crack only.rar
c:\users\matt\downloads\ds2crackfix-flt_epidemz.net.rar
c:\users\matt\downloads\swtfu2.crack-rld.rar
c:\users\matt\music\itunes\itunes media\music\eminem, dr. dre & 50 cent\crack a bottle - single\01 crack a bottle 1.m4a
c:\users\matt\music\itunes\itunes media\music\eminem, dr. dre & 50 cent\crack a bottle - single\01 crack a bottle.m4a
c:\users\matt\music\itunes\itunes media\music\kanye west feat. the game\late registration\07 crack music 1.m4a
c:\users\matt\music\itunes\itunes media\music\kanye west feat. the game\late registration\07 crack music.m4a
c:\users\matt\music\itunes\itunes media\music\mudcrutch\playback_ through the cracks (disk 5)\5-01 on the street 1.m4a
c:\users\matt\music\itunes\itunes media\music\mudcrutch\playback_ through the cracks (disk 5)\5-01 on the street.m4a
c:\users\matt\music\itunes\itunes media\music\mudcrutch\playback_ through the cracks (disk 5)\5-02 depot street.m4a
c:\users\matt\music\itunes\itunes media\music\mudcrutch\playback_ through the cracks (disk 5)\5-03 cry to me.m4a
c:\users\matt\music\itunes\itunes media\music\mudcrutch\playback_ through the cracks (disk 5)\5-04 don't do me like that (mudcrutc.m4a
c:\users\matt\music\itunes\itunes media\music\mudcrutch\playback_ through the cracks (disk 5)\5-05 i can't fight it.m4a
c:\users\matt\music\itunes\itunes media\music\the notorious b.i.g_\life after death (disc 2)\2-05 ten crack commandments.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty\playback_ through the cracks (disk 5)\5-06 since you said you loved me.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty\playback_ through the cracks (disk 5)\5-07 louisiana rain.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ the other sides [disc 4]\4-04 cracking up.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-08 keeping me alive.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-09 turning point.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-10 stop draggin' my heart around ( 1.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-10 stop draggin' my heart around (.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-11 the apartment song (demo).m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-12 big boss man 1.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-12 big boss man.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-13 the image of me.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-14 moon pie.m4a
c:\users\matt\music\itunes\itunes media\music\tom petty & the heartbreakers\playback_ through the cracks (disk 5)\5-15 the damage you've done (country.m4a
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
scanner sequence 3.ZZ.11
----- EOF -----

4. TDSSKiller
2011/05/15 11:39:46.0419 5592 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 11:39:46.0653 5592 ================================================================================
2011/05/15 11:39:46.0653 5592 SystemInfo:
2011/05/15 11:39:46.0653 5592
2011/05/15 11:39:46.0653 5592 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/15 11:39:46.0653 5592 Product type: Workstation
2011/05/15 11:39:46.0653 5592 ComputerName: MATT-PC
2011/05/15 11:39:46.0653 5592 UserName: Matt
2011/05/15 11:39:46.0653 5592 Windows directory: C:\Windows
2011/05/15 11:39:46.0653 5592 System windows directory: C:\Windows
2011/05/15 11:39:46.0653 5592 Running under WOW64
2011/05/15 11:39:46.0653 5592 Processor architecture: Intel x64
2011/05/15 11:39:46.0653 5592 Number of processors: 4
2011/05/15 11:39:46.0653 5592 Page size: 0x1000
2011/05/15 11:39:46.0653 5592 Boot type: Normal boot
2011/05/15 11:39:46.0653 5592 ================================================================================
2011/05/15 11:39:46.0918 5592 Initialize success
2011/05/15 11:39:58.0743 8000 ================================================================================
2011/05/15 11:39:58.0743 8000 Scan started
2011/05/15 11:39:58.0743 8000 Mode: Manual;
2011/05/15 11:39:58.0743 8000 ================================================================================
2011/05/15 11:39:59.0554 8000 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/15 11:39:59.0570 8000 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/15 11:39:59.0601 8000 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/15 11:39:59.0663 8000 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
2011/05/15 11:39:59.0726 8000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/15 11:39:59.0757 8000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/15 11:39:59.0804 8000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/15 11:39:59.0866 8000 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/15 11:39:59.0882 8000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/15 11:39:59.0913 8000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/15 11:39:59.0944 8000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/15 11:39:59.0975 8000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/15 11:40:00.0038 8000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/15 11:40:00.0085 8000 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/15 11:40:00.0147 8000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/15 11:40:00.0209 8000 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/15 11:40:00.0303 8000 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/15 11:40:00.0350 8000 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/15 11:40:00.0365 8000 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/15 11:40:00.0412 8000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/15 11:40:00.0428 8000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/15 11:40:00.0475 8000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/15 11:40:00.0506 8000 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/15 11:40:00.0584 8000 BCMH43XX (e49110a58a32e9450356686a95dd7763) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
2011/05/15 11:40:00.0599 8000 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/15 11:40:00.0631 8000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/15 11:40:00.0693 8000 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/15 11:40:00.0709 8000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/15 11:40:00.0740 8000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/15 11:40:00.0771 8000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/15 11:40:00.0787 8000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/15 11:40:00.0802 8000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/15 11:40:00.0818 8000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/15 11:40:00.0849 8000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/15 11:40:00.0880 8000 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/15 11:40:00.0911 8000 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/15 11:40:00.0958 8000 cfwids (676535b3156fecf7133cf80b4d2f6cf7) C:\Windows\system32\drivers\cfwids.sys
2011/05/15 11:40:00.0989 8000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/15 11:40:01.0021 8000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/15 11:40:01.0067 8000 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/15 11:40:01.0099 8000 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/15 11:40:01.0114 8000 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/15 11:40:01.0145 8000 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/15 11:40:01.0177 8000 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/15 11:40:01.0208 8000 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/15 11:40:01.0270 8000 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/15 11:40:01.0598 8000 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
2011/05/15 11:40:01.0645 8000 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/15 11:40:01.0691 8000 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/15 11:40:01.0723 8000 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/15 11:40:01.0785 8000 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/15 11:40:01.0910 8000 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/15 11:40:02.0019 8000 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/15 11:40:02.0066 8000 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/15 11:40:02.0097 8000 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/15 11:40:02.0113 8000 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/15 11:40:02.0144 8000 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/15 11:40:02.0159 8000 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/15 11:40:02.0191 8000 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/15 11:40:02.0206 8000 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/15 11:40:02.0237 8000 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/15 11:40:02.0284 8000 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/15 11:40:02.0347 8000 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/15 11:40:02.0393 8000 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/15 11:40:02.0440 8000 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/15 11:40:02.0471 8000 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/15 11:40:02.0518 8000 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/15 11:40:02.0612 8000 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/15 11:40:02.0705 8000 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/15 11:40:02.0721 8000 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/15 11:40:02.0752 8000 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/15 11:40:02.0799 8000 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/15 11:40:02.0846 8000 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/15 11:40:02.0877 8000 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/15 11:40:02.0908 8000 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/15 11:40:02.0939 8000 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/15 11:40:02.0955 8000 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/15 11:40:02.0986 8000 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/15 11:40:03.0080 8000 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/15 11:40:03.0142 8000 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/15 11:40:03.0205 8000 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/15 11:40:03.0283 8000 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/15 11:40:03.0298 8000 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/15 11:40:03.0345 8000 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/15 11:40:03.0361 8000 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/15 11:40:03.0376 8000 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/15 11:40:03.0407 8000 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/15 11:40:03.0439 8000 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/15 11:40:03.0454 8000 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/15 11:40:03.0485 8000 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/05/15 11:40:03.0610 8000 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/15 11:40:03.0626 8000 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/15 11:40:03.0657 8000 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/15 11:40:03.0688 8000 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/15 11:40:03.0735 8000 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/15 11:40:03.0953 8000 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/15 11:40:04.0016 8000 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/15 11:40:04.0047 8000 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/15 11:40:04.0078 8000 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/15 11:40:04.0094 8000 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/15 11:40:04.0109 8000 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/15 11:40:04.0141 8000 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/15 11:40:04.0187 8000 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
2011/05/15 11:40:04.0312 8000 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
2011/05/15 11:40:04.0453 8000 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/05/15 11:40:04.0593 8000 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/15 11:40:04.0624 8000 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/15 11:40:04.0671 8000 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
2011/05/15 11:40:04.0718 8000 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
2011/05/15 11:40:04.0827 8000 mfebopk (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
2011/05/15 11:40:04.0999 8000 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
2011/05/15 11:40:05.0186 8000 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
2011/05/15 11:40:05.0233 8000 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/05/15 11:40:05.0295 8000 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
2011/05/15 11:40:05.0326 8000 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
2011/05/15 11:40:05.0373 8000 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
2011/05/15 11:40:05.0435 8000 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
2011/05/15 11:40:05.0513 8000 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/15 11:40:05.0545 8000 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/15 11:40:05.0576 8000 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/15 11:40:05.0607 8000 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/15 11:40:05.0654 8000 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/15 11:40:05.0685 8000 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/15 11:40:05.0701 8000 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/15 11:40:05.0732 8000 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/15 11:40:05.0779 8000 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/15 11:40:05.0810 8000 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/15 11:40:05.0825 8000 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/15 11:40:05.0872 8000 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/15 11:40:05.0903 8000 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/15 11:40:05.0935 8000 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/15 11:40:05.0950 8000 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/15 11:40:05.0981 8000 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/15 11:40:06.0028 8000 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/15 11:40:06.0044 8000 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/15 11:40:06.0075 8000 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/15 11:40:06.0091 8000 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/15 11:40:06.0137 8000 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/15 11:40:06.0153 8000 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/15 11:40:06.0215 8000 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/15 11:40:06.0278 8000 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/15 11:40:06.0356 8000 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/15 11:40:06.0387 8000 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/15 11:40:06.0418 8000 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/15 11:40:06.0481 8000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/15 11:40:06.0543 8000 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/15 11:40:06.0949 8000 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/15 11:40:06.0980 8000 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/15 11:40:07.0011 8000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/15 11:40:07.0027 8000 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/15 11:40:07.0058 8000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/15 11:40:07.0120 8000 NPF (3ceee0be85d24d911b9c02714817774c) C:\Windows\system32\DRIVERS\npf.sys
2011/05/15 11:40:07.0198 8000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/15 11:40:07.0229 8000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/15 11:40:07.0292 8000 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/15 11:40:07.0354 8000 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/15 11:40:07.0448 8000 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/15 11:40:07.0916 8000 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/15 11:40:08.0228 8000 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/15 11:40:08.0290 8000 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/15 11:40:08.0353 8000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/15 11:40:08.0384 8000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/15 11:40:08.0415 8000 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/15 11:40:08.0446 8000 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/15 11:40:08.0462 8000 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/15 11:40:08.0493 8000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/15 11:40:08.0509 8000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/15 11:40:08.0540 8000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/15 11:40:08.0571 8000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/15 11:40:08.0649 8000 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/15 11:40:08.0680 8000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/15 11:40:08.0711 8000 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/15 11:40:08.0774 8000 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/15 11:40:08.0821 8000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/15 11:40:08.0883 8000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/15 11:40:08.0899 8000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/15 11:40:08.0930 8000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/15 11:40:08.0977 8000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/15 11:40:09.0023 8000 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/15 11:40:09.0055 8000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/15 11:40:09.0070 8000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/15 11:40:09.0148 8000 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/15 11:40:09.0179 8000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/15 11:40:09.0195 8000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/15 11:40:09.0226 8000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/15 11:40:09.0242 8000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/15 11:40:09.0257 8000 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/15 11:40:09.0304 8000 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/15 11:40:09.0367 8000 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/05/15 11:40:09.0413 8000 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/05/15 11:40:09.0460 8000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/15 11:40:09.0476 8000 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/15 11:40:09.0491 8000 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/15 11:40:09.0538 8000 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
2011/05/15 11:40:09.0569 8000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/15 11:40:09.0601 8000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/15 11:40:09.0616 8000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/15 11:40:09.0647 8000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/15 11:40:09.0694 8000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/15 11:40:09.0741 8000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/15 11:40:09.0757 8000 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/15 11:40:09.0803 8000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/15 11:40:09.0835 8000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/15 11:40:09.0866 8000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/15 11:40:09.0881 8000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/15 11:40:09.0928 8000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/15 11:40:09.0975 8000 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/15 11:40:10.0022 8000 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/15 11:40:10.0053 8000 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/15 11:40:10.0147 8000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/15 11:40:10.0271 8000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/15 11:40:10.0334 8000 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/15 11:40:10.0443 8000 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/15 11:40:10.0474 8000 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/15 11:40:10.0505 8000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/15 11:40:10.0537 8000 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/15 11:40:10.0568 8000 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/15 11:40:10.0583 8000 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/15 11:40:10.0646 8000 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
2011/05/15 11:40:10.0724 8000 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/15 11:40:10.0755 8000 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/15 11:40:10.0786 8000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/15 11:40:10.0802 8000 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/15 11:40:10.0849 8000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/15 11:40:10.0880 8000 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/15 11:40:10.0895 8000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/15 11:40:10.0942 8000 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/15 11:40:11.0020 8000 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/15 11:40:11.0083 8000 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/15 11:40:11.0129 8000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/15 11:40:11.0176 8000 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/15 11:40:11.0301 8000 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/15 11:40:11.0379 8000 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
2011/05/15 11:40:11.0457 8000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/15 11:40:11.0519 8000 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/15 11:40:11.0551 8000 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
2011/05/15 11:40:11.0613 8000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/15 11:40:11.0644 8000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/15 11:40:11.0660 8000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/15 11:40:11.0691 8000 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/15 11:40:11.0707 8000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/15 11:40:11.0738 8000 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/15 11:40:11.0753 8000 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/15 11:40:11.0785 8000 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/15 11:40:11.0816 8000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/15 11:40:11.0847 8000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/15 11:40:11.0925 8000 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/15 11:40:12.0019 8000 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/15 11:40:12.0050 8000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/15 11:40:12.0081 8000 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/15 11:40:12.0097 8000 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/15 11:40:12.0128 8000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/15 11:40:12.0159 8000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/15 11:40:12.0206 8000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/15 11:40:12.0237 8000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/15 11:40:12.0315 8000 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/15 11:40:12.0346 8000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/15 11:40:12.0409 8000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/15 11:40:12.0440 8000 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/15 11:40:12.0471 8000 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/15 11:40:12.0565 8000 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/15 11:40:12.0674 8000 ================================================================================
2011/05/15 11:40:12.0674 8000 Scan finished
2011/05/15 11:40:12.0674 8000 ================================================================================

5. Computer/search engines seem to be working properlly atm. No redirects.

Wingman thanks alot for the help. I will repost within the next day if the problem surfaces again.

-Matt
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 15th, 2011, 1:10 pm

Hello matt,

There is evidence of some cracked software on your machine. This software must be removed before any futher help will be provided.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Uninstall Programs
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    control appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    Civilization 5
    Dead Space™ 2
    Star Wars: The Force Unleashed 2
  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.

Step 3.
Reset Host File
  1. Open Notepad.
  2. Copy and paste the contents of the box below, into Notepad.
    @Echo off

    pushd\windows\system32\drivers\etc
    attrib -h -s -r hosts
    copy /y "C:\windows\system32\drivers\etc\hosts" "C:\windows\system32\drivers\etc\hosts.bk1"
    echo # 127.0.0.1 localhost>HOSTS
    echo # ::1 localhost>>HOSTS
    attrib +r +h +s hosts
    popd
    del /f /q "c:\users\matt\downloads\civ5 skidrow crack only.rar"
    del /f /q "c:\users\matt\downloads\ds2crackfix-flt_epidemz.net.rar"
    del /f /q "c:\users\matt\downloads\swtfu2.crack-rld.rar"
    del %0
  3. Using the Command line, select File... then select Save As.
  4. Filename = RestHost.bat
  5. Save as Type = All Files <<=== important, won't work otherwise.
  6. Save the file to your Desktop.
  7. Right click on the RestHost.bat... select Run As Administrator to execute. The batch file will be deleted when finished.

Step 4.
DDS Scan - Re-run
    Disable any script blocking software you have running before running DDS.
  1. Please double click dds.com to run the tool. (File name will be different if alternate download used).
    Vista - W7 users: You must right click on the file above and select "Run As Administrator" to run the tool.
    A black window will open with some instructions/comments...
  2. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved... you must save them to your desktop.
  3. Please post both the DDS.txt and Attach.txt files in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Programs removed?
  3. DDS.txt and Attach.txt files content.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 16th, 2011, 1:22 pm

1.) No problems
2.) Programs Removed
3.)

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Matt at 13:18:01.46 on Mon 05/16/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2591 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Matt\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Microsoft Internet Explorer
mStart Page = about:blank
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110513062305.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion

\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Matt\AppData\Roaming\Dropbox\bin

\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer

\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDow ... rtScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110513062305.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\aoufufqu.default\
FF - prefs.js: browser.startup.homepage - bing.com
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Matt\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-

ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-

ABCDEFFEDCBA}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player

\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-9-27 69152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-3-17 530304]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-17 55856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2010-3-24 25312]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-9-4 75160]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-9-4 283744]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-3-17 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-4 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-4 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-4 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-4 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-4 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-4 149032]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-3-24 278528]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2009-11-6 838136]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-9-4 63056]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-17 317480]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-3-17 190520]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-9-4 441840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-3-28 155752]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18

130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-

18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp

\DX9\SessionLauncher.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-10-25 20552]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\System32\drivers\mfebopk.sys [2010-3-17 41032]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-9-4 94992]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-3-17 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-3-17 49480]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-12-27 16392]
S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-05-16 16:47:01 -------- d-----w- C:\PROGRA~3\Solidshield
2011-05-15 20:14:33 -------- d-----w- C:\Users\Matt\AppData\Local\{672C672C-1A4F-4BF8-897B-14374FB8A8E1}
2011-05-15 14:27:49 -------- d-----w- C:\Users\Matt\AppData\Local\{6F7AEE56-A139-4F93-899D-DFF3A9B28323}
2011-05-13 13:22:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-13 13:21:57 -------- d-----w- C:\Users\Matt\AppData\Local\{D60FBD2D-FA10-4C56-815D-9FF65101786B}
2011-05-11 22:27:33 -------- d-----w- C:\Users\Matt\AppData\Local\{0AE0A3E8-9DB4-42DE-87E9-1045CE8A436D}
2011-05-11 22:02:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-11 22:02:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-11 22:02:02 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-05-11 22:02:02 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-05-11 01:57:51 -------- d-----w- C:\Users\Matt\AppData\Local\{E4B25593-5FBF-4AE5-8FD9-0C62A0B15FBD}
2011-05-11 01:37:46 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 01:37:45 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 01:37:45 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 01:37:42 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 01:37:42 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 01:37:42 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 01:37:42 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 01:37:41 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 01:37:41 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 01:37:41 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-11 01:26:21 388096 ----a-r- C:\Users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-

12FCBA4883D7}\HiJackThis.exe
2011-05-11 01:26:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-11 00:23:10 -------- d-----w- C:\Users\Matt\AppData\Local\{58941AF2-95C4-4946-BC29-B6D14C67063C}
2011-05-10 23:49:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-10 23:49:51 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-05-10 23:34:20 -------- d-----w- C:\Users\Matt\AppData\Local\{40F3CFE0-37C5-4740-A06F-3AF95F459973}
2011-05-10 23:25:12 -------- d-----w- C:\Program Files (x86)\Trojan Guarder
2011-05-10 23:24:24 -------- d-----w- C:\Users\Matt\AppData\Roaming\Malwarebytes
2011-05-10 23:24:18 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-10 23:24:17 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-10 23:24:14 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-10 23:24:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-07 06:05:19 -------- d-----w- C:\Users\Matt\AppData\Local\{50633B33-BD1A-4880-B7DA-B25700079889}
2011-05-06 07:34:07 -------- d-----w- C:\Users\Matt\AppData\Local\{E20CAAE3-C119-4188-B0C9-B2D9D4354908}
2011-05-06 03:04:10 -------- d-----w- C:\Users\Matt\AppData\Local\{1307135B-4CEA-4C63-B784-C494B48C5A71}
2011-05-06 02:44:07 -------- d-----w- C:\Users\Matt\AppData\Local\{DD8858DD-9B4E-495B-A5F3-540393E9D42A}
2011-05-06 02:08:46 -------- d-----w- C:\Users\Matt\AppData\Local\{6D4C6878-B666-40A6-8C99-1E4E8B60F14D}
2011-05-05 11:01:25 -------- d-----w- C:\Users\Matt\AppData\Local\{4AEA7AF1-B175-40ED-AEE5-BF2544A2EE20}
2011-05-03 19:21:54 -------- d-----w- C:\Users\Matt\AppData\Local\{7418A542-6A76-42C9-B966-3390242BAA12}
2011-05-02 16:57:37 -------- d-----w- C:\Users\Matt\AppData\Local\{FCBF62FF-9B98-4892-A742-779EC74C2A47}
2011-04-30 12:24:15 -------- d-----w- C:\Users\Matt\AppData\Local\{206B9B80-89A1-4431-9216-319C49350531}
2011-04-27 12:07:34 -------- d-----w- C:\Users\Matt\AppData\Local\{50E49791-DC25-4AE4-B84F-9ECE571C196E}
2011-04-24 14:40:58 -------- d-----w- C:\Users\Matt\AppData\Local\{F972312D-BEF2-4359-8D61-9AD7495B6910}
2011-04-23 16:18:42 -------- d-----w- C:\Users\Matt\AppData\Local\{45B7F1B5-E3AB-40A4-B156-2D7CA3131FA0}
2011-04-19 20:17:46 -------- d-----w- C:\Users\Matt\AppData\Roaming\TS3Client
2011-04-19 20:17:35 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
2011-04-18 12:31:06 -------- d-----w- C:\Users\Matt\AppData\Local\{F15D883B-F911-4D42-A2FB-7AC49CD0CBA2}
2011-04-17 19:23:51 -------- d-----w- C:\Users\Matt\AppData\Local\{0D3CE344-BD17-4AB4-A874-72BC6F012A3B}
.
==================== Find3M ====================
.
2011-04-14 18:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 18:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 18:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 18:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 18:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 18:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 18:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 18:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 18:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-04-14 09:07:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-13 20:28:31 1 ----a-w- C:\Windows\SysWow64\SI.bin
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 20:34:30 94208 ----a-w- C:\Windows\DIIUnin.exe
2011-03-02 20:34:30 2829 ----a-w- C:\Windows\DIIUnin.pif
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 21:36:58 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2011-02-18 21:36:58 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
2011-02-18 06:33:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:33:29 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
.
============= FINISH: 13:18:23.47 ===============


iv.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/24/2010 11:00:20 AM
System Uptime: 5/15/2011 4:14:08 PM (21 hours ago)
.
Motherboard: Dell Inc. | | 0X231R
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | CPU 1 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 245.383 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP148: 5/5/2011 10:56:52 PM - Restore Operation
RP149: 5/6/2011 3:00:13 AM - Windows Update
RP150: 5/6/2011 8:27:17 AM - Installed Java(TM) 6 Update 25
RP151: 5/10/2011 9:25:44 PM - Installed HiJackThis
RP152: 5/10/2011 9:47:39 PM - Windows Update
RP153: 5/11/2011 6:02:09 PM - Windows Update
RP154: 5/15/2011 11:34:03 AM - malware
RP155: 5/16/2011 12:45:06 PM - male
RP156: 5/16/2011 12:46:40 PM - Removed Dead Space™ 2
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.1.2
Alien Swarm
Apple Application Support
Apple Software Update
Blender (remove only)
BTGuard 2.2
Cities XL 2011
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Counter-Strike: Source
Curse Client
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Diablo II
DirectXInstallService
DivX Setup
Dragon Age: Origins
Dropbox
Dual-Core Optimizer
EMC 10 Content
Fallout Mod Manager 0.13.21
Fallout: New Vegas
GameSpy Arcade
GIMP 2.6.11
GmoteServer
Google SketchUp 8
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Heroes of Might and Magic V Collector Edition
HiJackThis
Hulu Desktop
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Just Cause 2
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox (3.6.17)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Netflix in Windows Media Center
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Pando Media Booster
PowerDVD DX
Python 2.6.5
QuickTime
Realtek High Definition Audio Driver
Rome - Total War(TM)
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
RssBandit
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SimCity 4 Deluxe
Skype Toolbars
Skype™ 5.0
Sonic CinePlayer Decoder Pack
Splashup Light
SPORE™
Star Trek DAC
Steam
System Requirements Lab
Team Fortress 2
The Sims™ 3
Tomb Raider: Anniversary 1.0
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
ToZ - Pandemonium 2.1
TrackMania Nations Forever
TuneUp Companion 1.9.0
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
Windows Media Player Firefox Plugin
World of Warcraft
Xtranormal State
Xtranormal State - Showpak-Playgoz-Preview
Xtranormal State - SoundPack-Starter Kit
Xtranormal State - Voicepack-English-UK-Daniel
Xtranormal State - Voicepack-English-UK-Serena
Xtranormal State - Voicepack-English-US-Samantha
Xtranormal State - Voicepack-English-US-Tom
.
==== Event Viewer Messages From Past Week ========
.
5/16/2011 2:26:52 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the

interface with IP address 192.168.1.114. The computer with the IP address 192.168.1.105 did not allow the

name to be claimed by this computer.
5/16/2011 12:42:48 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has

disabled itself on IP address 192.168.1.114, since the IP address is outside the

192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the

DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to

fall within the scope.
5/16/2011 1:18:22 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable

to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the

memory manager has encountered an internal error.
5/15/2011 4:12:01 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start

due to the following error: The system cannot find the file specified.
5/11/2011 6:10:23 PM, Error: Service Control Manager [7023] -
.
==== End Of File ===========================


4.) still being redirected after going through search engines.

Thanks,
Matt
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 16th, 2011, 7:07 pm

Hello matt,

Let's keep working this issue...

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
aswMBR - Scan

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  1. Double click the aswMBR.exe to run it
  2. Click the "Scan" button to start the scan.
  3. On completion of the scan, "Scan finished successfully" press the "Save log" button.
  4. You'll be prompted to save a file named "aswMBR.txt"... Save it to your desktop.
  5. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat... this is a copy of your MBR record, before we make changes, it can be used to recover MBR to previous condition, if problem exist after changes.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. aswMBR.txt file contents
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 16th, 2011, 7:32 pm

1.) No
2.)

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-16 19:16:13
-----------------------------
19:16:13.042 OS Version: Windows x64 6.1.7600
19:16:13.042 Number of processors: 4 586 0x1E05
19:16:13.042 ComputerName: MATT-PC UserName: Matt
19:16:17.161 Initialize success
19:16:32.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:16:32.370 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 3
19:16:34.391 Disk 0 MBR read successfully
19:16:34.406 Disk 0 MBR scan
19:16:34.408 Disk 0 unknown MBR code
19:16:34.409 Service scanning
19:16:35.715 Disk 0 trace - called modules:
19:16:35.719 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:16:35.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bc0060]
19:16:35.723 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004a7d520]
19:16:35.725 5 ACPI.sys[fffff88000f8a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a7f060]
19:16:35.727 Scan finished successfully
19:16:59.539 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
19:16:59.542 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

4.) still Funky. I use Mozilla and have my homepage set to google. Now it is set to bing. After going through these engines i get redirected about 75% of the time. The redirect occurs after the search results have popped up.

another interesting bit of information that may be of use to you is that again with mozilla I usually always use there default search bar that comes with the browser. The serach box is set to goggle and when I do a search from their specifically i end up a a blank white page that says --

302 Moved
The document has moved here.

Thanks again,
-Matt
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 16th, 2011, 8:01 pm

Hello matt,

Your MBR record appears to be OK... changes in this record can casue the kind of issues you're having.
Let's keep working this issue...
We'll check for a Goored infection and also reset some Firefox browser preferences.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
GooredFix
Please download GooredFix...by jpshortstuff. Save it to your desktop.
Alternate download site.
  1. Ensure all Firefox windows are closed.
  2. Double-click GooredFix.exe to run it. If you don't get a UAC prompt for Admin rights then, Right-click GooredFix.exe, select Run As Administrator.
  3. When prompted to run the scan, click Yes.
    GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  4. Please copy and paste the contents of the GooredFix.txt file in your next reply.

Step 3.
Reset Firefox
  1. Go to Start -> All Programs -> Mozilla Firefox ...use the "Mozilla Firefox (Safe Mode)", shortcut.
      If this shortcut is missing, use:
      "Start -> Run" and enter one of the following:
      Using Vista or Windows 7: use the Start Search box then enter one of the following in the text field:
      firefox -safe-mode .... OR
      "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
      You may need to alter the above path, if you installed Firefox to a different location.
      Press the OK...button.

    A Firefox Safe Mode window will open with Safe Mode options. (Refer to image below.)
    Image
  2. Select "Reset all user preferences to Firefox defaults"
  3. Press the "Make Changes and Restart"...button.
    Restarts Firefox...normally, using selected options, these changes ARE permanent. Any user customizations will need to be reapplied.
  4. After Firefox restarts click on "Check for Updates".


Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. GooredFix.txt
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 17th, 2011, 12:06 pm

1) No Problems with instructions
2)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:56 on 17/05/2011 (Matt)
Firefox version 3.6.17 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:05 02/03/2011]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [23:58 04/11/2010]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [15:35 02/04/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:39 26/05/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [23:33 31/08/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [11:02 26/10/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [18:28 27/12/2010]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [20:27 02/03/2011]
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [12:30 06/05/2011]

C:\Users\Matt\Application Data\Mozilla\Firefox\Profiles\aoufufqu.default\extensions\
pmog@gamelayers.com [03:08 02/03/2011]
{987311C6-B504-4aa2-90BF-60CC49808D42} [16:15 21/03/2011]
{AE93811A-5C9A-4d34-8462-F7B864FC4696} [03:08 02/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [03:15 17/03/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [03:15 17/03/2011]

-=E.O.F=-

3.) It is still acting up. Something I just noticed is when I try and open my Gmail from one of my shortcut buttons I receive this message


"This Connection is Untrusted





You have asked Firefox to connect
securely to www.google.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.



What Should I Do?

If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue."



Thanks Wingman!
-Matt
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 18th, 2011, 8:07 am

Hello matt,

Thanks for hanging in there with me... malware removal can be tedious. If you use Internet Explorer, do you get redirected?

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
ComboFix
Image
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  4. Press Yes at the Recovery Console installation results prompt...
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  5. Please copy/paste the contents of log.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ComboFix log.txt file contents.
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 19th, 2011, 5:08 pm

Wingman,

Couple things. Problem does occur while using both mozilla and IE.
Also the problem is happening on a desktop as well as a laptop. Unplugging router and modem gets rid of the problem from anywhere between 10 minutes to an hour. That said,

1.) No Problems

2.)

ComboFix 11-05-18.04 - Matt 05/19/2011 16:51:40.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2897 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Trojan Guarder
c:\program files (x86)\Trojan Guarder\clpt.dll
c:\program files (x86)\Trojan Guarder\config.ini
c:\program files (x86)\Trojan Guarder\EGhostLog.txt
c:\program files (x86)\Trojan Guarder\WhiteList.txt
c:\windows\system32\jusched.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MaJUtilLib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCaller.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\MetaStore2.dll
c:\windows\SysWow64\system32\Microsoft.Synchronization.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\system32\Synchronization2.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))
.
.
2011-05-19 20:41 . 2011-05-19 20:41 -------- d-----w- c:\users\Matt\AppData\Local\{DB2FB0A4-878A-4E3C-B65F-4A9F8B9B9356}
2011-05-18 21:56 . 2011-05-18 21:56 -------- d-----w- c:\users\Matt\AppData\Local\{4E5EF853-F745-4B1F-B29A-46375578E662}
2011-05-17 16:01 . 2011-05-17 16:01 -------- d-----w- c:\users\Matt\AppData\Local\{C19B1109-FE57-4AF3-A3C5-3768C50D90E0}
2011-05-17 04:59 . 2011-05-17 04:59 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-17 04:59 . 2011-05-17 04:59 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-17 04:59 . 2011-05-17 04:59 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-17 04:59 . 2011-05-17 04:59 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-17 04:59 . 2011-05-17 04:59 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-17 04:59 . 2011-05-17 04:59 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-17 04:59 . 2011-05-17 04:59 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-17 04:59 . 2011-05-17 04:59 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-16 23:41 . 2011-05-16 23:41 -------- d-----w- c:\users\Matt\AppData\Local\{3657ECAF-8120-4A8D-B0F9-38F30BE1E1E1}
2011-05-16 16:47 . 2011-05-16 16:47 -------- d-----w- c:\programdata\Solidshield
2011-05-15 20:14 . 2011-05-15 20:14 -------- d-----w- c:\users\Matt\AppData\Local\{672C672C-1A4F-4BF8-897B-14374FB8A8E1}
2011-05-15 14:27 . 2011-05-15 14:27 -------- d-----w- c:\users\Matt\AppData\Local\{6F7AEE56-A139-4F93-899D-DFF3A9B28323}
2011-05-13 13:22 . 2011-05-13 13:22 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-13 13:21 . 2011-05-13 13:22 -------- d-----w- c:\users\Matt\AppData\Local\{D60FBD2D-FA10-4C56-815D-9FF65101786B}
2011-05-11 22:27 . 2011-05-11 22:27 -------- d-----w- c:\users\Matt\AppData\Local\{0AE0A3E8-9DB4-42DE-87E9-1045CE8A436D}
2011-05-11 22:02 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 22:02 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-11 22:02 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-11 22:02 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-11 01:57 . 2011-05-11 01:58 -------- d-----w- c:\users\Matt\AppData\Local\{E4B25593-5FBF-4AE5-8FD9-0C62A0B15FBD}
2011-05-11 01:37 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 01:37 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 01:37 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 01:37 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 01:37 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 01:37 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 01:37 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 01:37 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 01:37 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 01:37 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 01:26 . 2011-05-11 01:26 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-11 01:26 . 2011-05-11 01:26 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-11 00:23 . 2011-05-11 00:23 -------- d-----w- c:\users\Matt\AppData\Local\{58941AF2-95C4-4946-BC29-B6D14C67063C}
2011-05-10 23:49 . 2011-05-15 15:36 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-05-10 23:49 . 2011-05-15 15:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-10 23:34 . 2011-05-10 23:34 -------- d-----w- c:\users\Matt\AppData\Local\{40F3CFE0-37C5-4740-A06F-3AF95F459973}
2011-05-10 23:24 . 2011-05-10 23:24 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2011-05-10 23:24 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-10 23:24 . 2011-05-10 23:24 -------- d-----w- c:\programdata\Malwarebytes
2011-05-10 23:24 . 2011-05-10 23:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-10 23:24 . 2010-12-20 22:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 06:05 . 2011-05-07 06:05 -------- d-----w- c:\users\Matt\AppData\Local\{50633B33-BD1A-4880-B7DA-B25700079889}
2011-05-06 12:31 . 2011-05-06 12:31 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-06 07:34 . 2011-05-06 07:34 -------- d-----w- c:\users\Matt\AppData\Local\{E20CAAE3-C119-4188-B0C9-B2D9D4354908}
2011-05-06 03:04 . 2011-05-06 03:04 -------- d-----w- c:\users\Matt\AppData\Local\{1307135B-4CEA-4C63-B784-C494B48C5A71}
2011-05-06 02:44 . 2011-05-06 02:44 -------- d-----w- c:\users\Matt\AppData\Local\{DD8858DD-9B4E-495B-A5F3-540393E9D42A}
2011-05-06 02:08 . 2011-05-06 02:09 -------- d-----w- c:\users\Matt\AppData\Local\{6D4C6878-B666-40A6-8C99-1E4E8B60F14D}
2011-05-05 11:01 . 2011-05-05 11:01 -------- d-----w- c:\users\Matt\AppData\Local\{4AEA7AF1-B175-40ED-AEE5-BF2544A2EE20}
2011-05-03 19:21 . 2011-05-03 19:22 -------- d-----w- c:\users\Matt\AppData\Local\{7418A542-6A76-42C9-B966-3390242BAA12}
2011-05-02 16:57 . 2011-05-02 16:57 -------- d-----w- c:\users\Matt\AppData\Local\{FCBF62FF-9B98-4892-A742-779EC74C2A47}
2011-04-30 12:24 . 2011-04-30 12:24 -------- d-----w- c:\users\Matt\AppData\Local\{206B9B80-89A1-4431-9216-319C49350531}
2011-04-27 12:07 . 2011-04-27 12:07 -------- d-----w- c:\users\Matt\AppData\Local\{50E49791-DC25-4AE4-B84F-9ECE571C196E}
2011-04-27 02:54 . 2011-04-27 02:54 -------- d-----w- c:\program files (x86)\Google
2011-04-24 14:40 . 2011-04-24 14:41 -------- d-----w- c:\users\Matt\AppData\Local\{F972312D-BEF2-4359-8D61-9AD7495B6910}
2011-04-23 16:18 . 2011-04-23 16:18 -------- d-----w- c:\users\Matt\AppData\Local\{45B7F1B5-E3AB-40A4-B156-2D7CA3131FA0}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 04:34 . 2010-04-17 17:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-04-22 04:34 . 2010-04-17 17:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-22 04:34 . 2010-06-03 12:56 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-22 04:34 . 2010-04-11 18:03 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-14 18:01 . 2010-09-04 21:31 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 18:01 . 2010-09-04 21:31 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 18:01 . 2010-09-04 21:31 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-04-14 18:01 . 2010-09-04 21:31 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 18:01 . 2010-09-04 21:31 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 18:01 . 2010-09-04 21:31 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-04-14 18:01 . 2010-09-04 21:31 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 18:01 . 2010-03-17 16:33 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 18:01 . 2010-03-17 16:33 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 09:07 . 2010-08-15 18:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-13 03:12 . 2010-04-11 18:04 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-13 03:12 . 2010-05-19 10:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-24 15:35 . 2010-04-11 18:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-23 15:35 . 2010-04-17 17:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 06:19 . 2011-04-13 14:10 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 14:10 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 14:10 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 14:10 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-08 06:14 . 2011-04-13 14:10 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:38 . 2011-04-13 14:10 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:17 . 2011-05-06 03:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-05-06 03:08 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17 . 2011-04-13 14:10 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:14 . 2011-04-13 14:10 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:27 . 2011-04-13 14:10 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58 . 2011-04-13 14:10 3133440 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 20:34 . 2011-03-02 20:34 94208 ----a-w- c:\windows\DIIUnin.exe
2011-03-02 20:34 . 2011-03-02 20:34 2829 ----a-w- c:\windows\DIIUnin.pif
2011-03-02 03:18 . 2011-03-02 03:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2011-02-25 19:35 . 2011-02-25 19:35 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-02-24 06:30 . 2011-04-13 14:11 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-13 14:11 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 05:16 . 2011-04-13 14:10 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:16 . 2011-04-13 14:10 401920 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:15 . 2011-04-13 14:10 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:15 . 2011-04-13 14:10 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:15 . 2011-04-13 14:10 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:15 . 2011-04-13 14:10 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:15 . 2011-04-13 14:10 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 06:37 . 2011-03-09 11:32 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 11:32 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 11:32 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:36 . 2011-04-13 14:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 05:32 . 2011-03-09 11:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 11:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 05:32 . 2011-04-13 14:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:13 . 2011-04-13 14:10 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 03:37 . 2011-04-13 14:10 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 21:36 . 2011-02-18 21:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-30 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-3-24 3272704]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-06-04 278528]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-10-25 16392]
R3 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Matt\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF21375.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://msn.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\aoufufqu.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-826990722-3098181422-3638936423-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:eb,46,45,fd,cb,5a,0d,9b,d9,6a,41,23,26,9a,ed,01,de,54,74,62,ca,33,e0,
86,e7,fd,bd,63,0a,ed,f1,ff,cf,ae,35,a1,5c,83,7a,6b,44,f6,f1,ea,66,88,99,4d,\
"??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05
.
[HKEY_USERS\S-1-5-21-826990722-3098181422-3638936423-1000\Software\SecuROM\License information*]
"datasecu"=hex:6c,7e,75,ae,09,d7,42,77,80,3a,6a,37,c1,c1,6b,a7,d8,95,35,ab,91,
ad,11,92,e8,a9,4f,b9,0d,d5,6c,fe,c7,79,7a,08,b4,5a,a5,00,20,81,9e,e2,15,9c,\
"rkeysecu"=hex:42,ad,46,a5,f7,e0,f8,e2,81,c0,20,55,a8,04,67,90
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-05-19 17:02:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-19 21:02

3.) Computer seems to be behaving properly but as I said the problem does come an go.

Thanks,
Matt
.
Pre-Run: 272,638,418,944 bytes free
Post-Run: 272,482,512,896 bytes free
.
- - End Of File - - CC7D53C65AB53DF34EAB4AA53C762D1C

3.)
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 19th, 2011, 10:05 pm

Hello matt,

Thanks for hanging in there with me...
If this computer is connected to a home network, it should be disconnected from the other computers, until we finish cleaning.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Reset IP-Flush DNS-Renew IP
We'll release your IP address settings, flush the DNS resolver cache, then renew you IP address settings.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    del %0
  2. Save the Notepad file on your desktop...as DNSreset.bat... save type as "All Files"
  3. Double click on DNSreset.bat to run it.
    Vista-W7 users: Right click on DNSreset.bat, select "Run As Administrator" to run it.
    A black CMD window will flash, then disappear...this is normal. The batch file will be deleted when finished.
  4. The IP address settings should be released and renewed and the DNS cache flushed.

Step 3.
ESET NOD32 Online Scan
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET online scan results.
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Malware virus affecting search engines. being redirected

Unread postby mattem99 » May 23rd, 2011, 10:34 am

Wingman,

Sorry for the delay, busy weekend.

1.) No Problems
2.)

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=1c974b1748e58442a0e5303031708f34
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-23 02:26:52
# local_time=2011-05-23 10:26:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 159065 159065 0 0
# compatibility_mode=5121 16777213 100 75 0 35311965 0 0
# compatibility_mode=5893 16776574 66 85 57686378 57701295 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=192263
# found=1
# cleaned=0
# scan_time=2967
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-5df84322 a variant of Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean) 00000000000000000000000000000000 I

3.) still having redirect issuses

Thanks again,
-Matt
mattem99
Active Member
 
Posts: 10
Joined: May 12th, 2011, 3:20 pm

Re: Malware virus affecting search engines. being redirected

Unread postby Wingman » May 23rd, 2011, 11:29 am

Hello matt,

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
Create a System Restore Point - W7

  1. Go to Start > Control Panel... click the System icon in the Control Panel.
  2. In the left pane click on System Protection.
  3. When the Dialog comes up, click on theSystem protection tab.
  4. Check that the drive letter where Windows is located (usually C:) indicates System protection ON.
    (This indicates System restore is turned ON for the Windows drive).
  5. Click the Create button to create a new restore point. In the Name dialog, type a descriptive name... then click Create.
  6. You will get a message that the Restore Point was created successfully. Click Close.
  7. Click OK and close the System window in the Control Panel.
    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
TFC (Temp File Cleaner)
  1. Please download TFC.exe...by Old Timer. Save it to your desktop.
    Print these instructions. Save any unsaved work. TFC will close ALL open programs... including your browser!
  2. Right click on TFC.exe and select Run As Administrator to run it. If Windows UAC prompts, please allow it.
  3. Click the Start button to begin the cleanup.
    TFC will begin cleaning up the "temp" files... it may take only a few seconds or it could be several minutes, depending on the amount of temp files found.
  4. If prompted to reboot... click Yes.
! Important ! If TFC prompts you to reboot, please do so immediately, before proceeding to any other steps or other use of your computer.

Step 3.
Reset Internet Explorer Settings
Start IE by right-clicking on the icon or Start menu item (however you normally start your IE browser) ... select "Run As Administrator".
Warning:
When you reset Internet Explorer settings, all add-ons and customizations are deleted, and you basically start with a fresh version of Internet Explorer.

  1. Exit all programs, including Internet Explorer (if it is running).
  2. Click Start.
  3. Type the following command in the Open box, and then press ENTER:
    inetcpl.cpl
    The Internet Options dialog box appears.
  4. Click the Advanced tab.
  5. Under "Reset Internet Explorer settings", click Reset. Then click Reset again.
    When Internet Explorer finishes resetting the settings,
  6. Click Close in the "Reset Internet Explorer Settings" dialog box. Start Internet Explorer again.


Step 4.
Reset Firefox
I know we already reset user preferences but we'll be resetting a little more this time.
  1. Go to Start -> All Programs -> Mozilla Firefox ...use the "Mozilla Firefox (Safe Mode)", shortcut.
      If this shortcut is missing, use:
      "Start -> Run" and enter one of the following:
      Using Vista or Windows 7: use the Start Search box then enter one of the following in the text field:
      firefox -safe-mode .... OR
      "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
      You may need to alter the above path, if you installed Firefox to a different location.
      Press the OK...button.

    A Firefox Safe Mode window will open with Safe Mode options.
  2. Select "Restore default search engines"
  3. Press the "Make Changes and Restart"...button.
    Restarts Firefox...normally, using selected options, these changes ARE permanent. Any user customizations will need to be reapplied.
  4. After Firefox restarts click on "Check for Updates".

Step 5.
Re-run ESET NOD32 Online Scan - Note changes in instructions (CHECK "Removed found threats")

Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is CHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 6.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET online scan results.
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware