Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser Redirect

Post by sternapple » July 11th, 2012, 8:10 pm

I am experiencing a browser redirect on my home computer. I use Google Chrome. I was looking for books on Amazon, and in between pages on that site I briefly passed "craftsblog.info". Later I switched to Facebook and was briefly sent over to Weibo en route.

I run Norton on my PC and it has detected nothing. I ran Spyware Doctor, which said it found one "medium threat" item and removed it, but I experienced the Amazon redirect again after that.

I'm not sure what other information I might need to provide. Below is the HijackThis log. Thank you in advance for your assistance and your time.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:43 PM, on 7/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Documents and Settings\Jessica\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6056150809
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/softwa ... Plugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31C3E956-2F13-43B7-8FEF-1700FB890439}: NameServer = 192.168.1.2,68.57.69.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{31C3E956-2F13-43B7-8FEF-1700FB890439}: NameServer = 192.168.1.2,68.57.69.146
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0227131341530736) (0227131341530736mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\022713~1.EXE
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1cae7a7be98c79e) (gupdate1cae7a7be98c79e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 12673 bytes
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

Post by melboy » July 13th, 2012, 1:07 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


===================================================


DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2

  • Double-click dds to run the tool. A command window will appear; this is normal.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
And post them in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser Redirect

Post by melboy » July 15th, 2012, 4:53 pm

Hi sternapple

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • In accordance with Malware Removal policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser Redirect

Post by sternapple » July 16th, 2012, 3:23 pm

Hi, I thought I had caught it but apparently not, so yes I still need you. I will follow the instructions as above and follow up. Thank you.
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

Post by melboy » July 16th, 2012, 3:32 pm

Hi

Post the logs as soon as is possible.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser Redirect

Post by sternapple » July 16th, 2012, 3:36 pm

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jessica at 12:32:22 on 2012-07-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.283 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\program files\tweetdeck\tweetdeck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.3.6\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {78875F5C-A685-4405-8DC5-D48DC65452B0} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\3.8.3.6\coIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
TB: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: google.com
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 6056150809
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{31C3E956-2F13-43B7-8FEF-1700FB890439} : NameServer = 192.168.1.2,68.57.69.146
TCP: Interfaces\{F3A5BAC4-2AC8-4C70-86F6-306C591EEC82} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.3.6\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-7-11 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-7-11 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-7-11 909728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308030.006\SymEFA.sys [2011-11-5 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308030.006\BHDrvx86.sys [2011-11-5 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308030.006\cchpx86.sys [2011-11-5 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120713.001\IDSXpx86.sys [2012-7-15 369632]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-7-11 254912]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-11 203088]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-7-11 575448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2012-1-6 95232]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.3.6\ccSvcHst.exe [2011-11-5 117648]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-7-11 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-7-11 1118648]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-10 106656]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120715.009\NAVENG.SYS [2012-7-15 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120715.009\NAVEX15.SYS [2012-7-15 1589752]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-7-11 70768]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-7-11 70536]
S2 gupdate1cae7a7be98c79e;Google Update Service (gupdate1cae7a7be98c79e);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-14 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\sophos\sophos virus removal tool\SVRTservice.exe [2012-6-19 151104]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2012-07-13 16:37:20 -------- d-----w- c:\documents and settings\jessica\local settings\application data\Threat Expert
2012-07-12 04:33:17 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-12 01:31:32 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-07-12 01:31:28 73728 ----a-r- c:\documents and settings\jessica\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-12 01:31:28 73728 ----a-r- c:\documents and settings\jessica\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-12 01:31:28 73728 ----a-r- c:\documents and settings\jessica\application data\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-07-12 01:31:05 -------- d-----w- c:\program files\Sophos
2012-07-11 23:03:06 767960 ----a-w- c:\windows\BDTSupport.dll
2012-07-11 23:03:06 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-07-11 23:03:04 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-07-11 23:03:04 1681368 ----a-w- c:\windows\PCTBDRes.dll
2012-07-11 23:03:04 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-07-11 23:01:35 254912 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-07-11 23:01:26 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-07-11 23:01:14 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-07-11 23:00:51 -------- d-----w- c:\program files\PC Tools
2012-07-11 22:59:09 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-07-11 22:59:09 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-07-11 22:58:56 383368 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-07-11 22:58:56 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-07-11 22:58:53 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-11 22:58:53 -------- d-----w- c:\program files\common files\PC Tools
2012-07-11 22:58:21 -------- d-----w- c:\documents and settings\jessica\application data\TestApp
2012-07-11 22:58:21 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-07-07 14:20:27 -------- d-----w- c:\program files\Oracle
.
==================== Find3M ====================
.
2012-07-12 04:34:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 04:34:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-23 03:12:47 60304 ----a-w- c:\documents and settings\jessica\g2mdlhlpx.exe
2012-05-05 02:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29:22 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:35:21.73 ===============
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

by sternapple » July 16th, 2012, 3:37 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/8/2007 12:46:43 PM
System Uptime: 7/13/2012 4:21:04 PM (68 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 41.188 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1489: 4/17/2012 9:52:00 AM - System Checkpoint
RP1490: 4/18/2012 12:17:57 PM - System Checkpoint
RP1491: 4/19/2012 2:24:17 PM - System Checkpoint
RP1492: 4/20/2012 3:06:49 PM - System Checkpoint
RP1493: 4/21/2012 4:57:16 PM - System Checkpoint
RP1494: 4/22/2012 5:29:51 PM - System Checkpoint
RP1495: 4/23/2012 6:33:23 PM - System Checkpoint
RP1496: 4/24/2012 12:23:10 PM - Norton 360 Registry Clean
RP1497: 4/25/2012 1:47:10 PM - System Checkpoint
RP1498: 4/26/2012 2:51:53 PM - System Checkpoint
RP1499: 4/27/2012 3:06:34 PM - System Checkpoint
RP1500: 4/28/2012 3:48:40 PM - System Checkpoint
RP1501: 4/29/2012 5:47:22 PM - System Checkpoint
RP1502: 4/30/2012 6:00:59 PM - System Checkpoint
RP1503: 5/1/2012 8:42:42 PM - System Checkpoint
RP1504: 5/2/2012 9:45:09 PM - System Checkpoint
RP1505: 5/3/2012 11:44:09 PM - System Checkpoint
RP1506: 5/5/2012 1:04:17 AM - System Checkpoint
RP1507: 5/7/2012 2:19:59 AM - System Checkpoint
RP1508: 5/8/2012 3:25:49 AM - System Checkpoint
RP1509: 5/9/2012 5:25:50 AM - System Checkpoint
RP1510: 5/10/2012 7:26:54 AM - System Checkpoint
RP1511: 5/11/2012 10:42:49 AM - System Checkpoint
RP1512: 5/12/2012 11:25:48 AM - System Checkpoint
RP1513: 5/13/2012 11:26:52 AM - System Checkpoint
RP1514: 5/13/2012 8:33:38 PM - Software Distribution Service 3.0
RP1515: 5/14/2012 8:51:12 PM - System Checkpoint
RP1516: 5/15/2012 10:43:22 PM - System Checkpoint
RP1517: 5/17/2012 1:04:33 AM - System Checkpoint
RP1518: 5/18/2012 1:11:32 AM - System Checkpoint
RP1519: 5/19/2012 2:59:33 AM - System Checkpoint
RP1520: 5/20/2012 4:58:28 AM - System Checkpoint
RP1521: 5/21/2012 6:57:15 AM - System Checkpoint
RP1522: 5/21/2012 7:06:59 AM - Installed HP Product Detection
RP1523: 5/21/2012 7:08:04 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP1524: 5/22/2012 1:09:04 PM - System Checkpoint
RP1525: 5/22/2012 8:06:52 PM - Installed Java(TM) 7 Update 4
RP1526: 5/22/2012 8:10:19 PM - Installed JavaFX 2.1.0
RP1527: 5/23/2012 8:57:16 PM - System Checkpoint
RP1528: 5/24/2012 10:57:17 PM - System Checkpoint
RP1529: 5/26/2012 12:02:41 AM - System Checkpoint
RP1530: 5/28/2012 6:26:48 AM - System Checkpoint
RP1531: 5/29/2012 7:18:01 AM - System Checkpoint
RP1532: 5/30/2012 1:27:32 PM - System Checkpoint
RP1533: 5/31/2012 3:08:35 PM - System Checkpoint
RP1534: 6/1/2012 5:46:25 PM - System Checkpoint
RP1535: 6/2/2012 7:09:55 PM - System Checkpoint
RP1536: 6/3/2012 8:16:17 PM - System Checkpoint
RP1537: 6/4/2012 8:52:27 PM - System Checkpoint
RP1538: 6/5/2012 9:12:37 PM - Norton 360 Registry Clean
RP1539: 6/6/2012 9:48:56 PM - System Checkpoint
RP1540: 6/7/2012 10:32:07 PM - System Checkpoint
RP1541: 6/9/2012 12:28:49 AM - System Checkpoint
RP1542: 6/10/2012 2:24:15 AM - System Checkpoint
RP1543: 6/11/2012 4:20:51 AM - System Checkpoint
RP1544: 6/12/2012 6:18:53 AM - System Checkpoint
RP1545: 6/13/2012 10:01:59 AM - System Checkpoint
RP1546: 6/14/2012 11:03:41 AM - System Checkpoint
RP1547: 6/15/2012 11:30:48 AM - System Checkpoint
RP1548: 6/16/2012 1:57:44 PM - System Checkpoint
RP1549: 6/17/2012 2:44:22 PM - System Checkpoint
RP1550: 6/18/2012 4:04:21 PM - System Checkpoint
RP1551: 6/19/2012 4:07:39 PM - System Checkpoint
RP1552: 6/20/2012 5:38:55 PM - System Checkpoint
RP1553: 6/21/2012 6:44:22 PM - System Checkpoint
RP1554: 6/22/2012 6:46:08 PM - System Checkpoint
RP1555: 6/23/2012 8:45:04 PM - System Checkpoint
RP1556: 6/24/2012 10:45:02 PM - System Checkpoint
RP1557: 6/26/2012 12:45:04 AM - System Checkpoint
RP1558: 6/27/2012 2:45:04 AM - System Checkpoint
RP1559: 6/28/2012 4:45:03 AM - System Checkpoint
RP1560: 6/29/2012 6:45:07 AM - System Checkpoint
RP1561: 6/30/2012 8:45:02 AM - System Checkpoint
RP1562: 7/1/2012 8:57:01 AM - System Checkpoint
RP1563: 7/5/2012 5:05:04 PM - System Checkpoint
RP1564: 7/6/2012 6:21:29 PM - System Checkpoint
RP1565: 7/7/2012 7:18:46 AM - Installed Java(TM) 7 Update 5
RP1566: 7/7/2012 7:20:05 AM - Removed JavaFX 2.1.0
RP1567: 7/7/2012 7:20:27 AM - Installed JavaFX 2.1.1
RP1568: 7/8/2012 10:27:12 AM - System Checkpoint
RP1569: 7/9/2012 10:59:27 AM - System Checkpoint
RP1570: 7/10/2012 11:20:06 AM - System Checkpoint
RP1571: 7/11/2012 12:48:55 PM - System Checkpoint
RP1572: 7/11/2012 5:39:45 PM - Removed DAR Application Program
RP1573: 7/11/2012 6:31:03 PM - Installed Sophos Virus Removal Tool.
RP1574: 7/12/2012 1:20:20 AM - Norton 360 Registry Clean
RP1575: 7/12/2012 2:43:40 AM - Norton 360 Registry Clean
RP1576: 7/13/2012 4:03:34 AM - System Checkpoint
RP1577: 7/14/2012 4:27:51 AM - System Checkpoint
RP1578: 7/15/2012 6:26:44 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AviSynth 2.5
Bonjour
Browser Guard 4.0
BufferChm
C309a
Cisco Systems VPN Client 5.0.00.0340
Compatibility Pack for the 2007 Office system
Dell Resource CD
Destination Component
DeviceDiscovery
DocProc
Download Manager 2.3.9
Facebook Plug-In
Family Tree Maker 2010
Fax
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.2.0.952
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Imaging Device Functions 12.0
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential 3.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
ImageMixer for HDD Camcorder
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 5
JavaFX 2.1.1
Living Cookbook 2011
McAfee Security Scan Plus
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0
MobileMe Control Panel
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Connector/ODBC 3.51
Network
Norton Security Suite
OCR Software by I.R.I.S. 12.0
OpenAL
OpenOffice.org Installer 1.0
PC Tools Spyware Doctor 9.0
Plants vs. Zombies
PowerDVD
PS_AIO_05_C309_Software_Min
QuickTime
RCA Detective 2.0.0.95
RCA Memory Manager 2.0.0.107
Realtek High Definition Audio Driver
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sophos Virus Removal Tool
Status
SupportSoft Assisted Service
Toolbox
TrayApp
TweetDeck
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR archiver
Xvid Codec 1.1.3
.
==== Event Viewer Messages From Past Week ========
.
7/11/2012 9:52:18 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
7/11/2012 6:55:47 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
7/11/2012 4:56:38 PM, error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
7/11/2012 4:56:29 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V8 service terminated unexpectedly. It has done this 1 time(s).
7/11/2012 4:56:23 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/11/2012 4:56:18 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
7/11/2012 4:03:58 PM, error: PCTCore [280] -
.
==== End Of File ===========================
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

by sternapple » July 16th, 2012, 3:41 pm

I had previously found a modification to my hosts doc which indicated there was a Browser-security.microsoft.com redirect. I removed that. It does not appear to be there now BUT I just had the same redirect when I was on Amazon - I was sent to a bookblogging.info site and then on to the Amazon search results page.
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

by melboy » July 16th, 2012, 4:00 pm

Hi

Thanks.

aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you wish)
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser Redirect

by sternapple » July 16th, 2012, 4:23 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 13:03:41
-----------------------------
13:03:41.671 OS Version: Windows 5.1.2600 Service Pack 3
13:03:41.671 Number of processors: 2 586 0xF0D
13:03:41.671 ComputerName: CROW UserName:
13:03:45.593 Initialize success
13:04:58.015 AVAST engine defs: 12071601
13:05:15.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:05:15.062 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
13:05:15.093 Disk 0 MBR read successfully
13:05:15.093 Disk 0 MBR scan
13:05:15.093 Disk 0 Windows XP default MBR code
13:05:15.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
13:05:15.125 Disk 0 scanning sectors +488263545
13:05:15.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:49.953 Service scanning
13:06:32.578 Modules scanning
13:06:47.046 Disk 0 trace - called modules:
13:06:47.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:06:47.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d5ab8]
13:06:47.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a790920]
13:06:47.093 5 PCTCore.sys[b9e3982d] -> nt!IofCallDriver -> \Device\00000082[0x8a85aac0]
13:06:47.093 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a791d98]
13:06:49.578 AVAST engine scan C:\WINDOWS
13:07:27.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\MBR.dat"
13:07:27.453 The log file has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\aswMBR.txt"
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

by melboy » July 16th, 2012, 4:50 pm

Thank you.

Please post the MBAM log.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser Redirect

by sternapple » July 16th, 2012, 5:18 pm

Will do, waiting for the scan to finish.
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

by sternapple » July 16th, 2012, 6:35 pm

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jessica :: CROW [administrator]

7/16/2012 1:32:16 PM
mbam-log-2012-07-16 (13-32-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371046
Time elapsed: 1 hour(s), 57 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\bots.gif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\bots.jpg (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm

Re: Browser Redirect

by melboy » July 16th, 2012, 6:38 pm

Hi

Thanks.

Can you repost the contents of aswMBR.txt - It should be on your desktop.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser Redirect

by sternapple » July 16th, 2012, 6:52 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 13:03:41
-----------------------------
13:03:41.671 OS Version: Windows 5.1.2600 Service Pack 3
13:03:41.671 Number of processors: 2 586 0xF0D
13:03:41.671 ComputerName: CROW UserName:
13:03:45.593 Initialize success
13:04:58.015 AVAST engine defs: 12071601
13:05:15.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:05:15.062 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
13:05:15.093 Disk 0 MBR read successfully
13:05:15.093 Disk 0 MBR scan
13:05:15.093 Disk 0 Windows XP default MBR code
13:05:15.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
13:05:15.125 Disk 0 scanning sectors +488263545
13:05:15.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:49.953 Service scanning
13:06:32.578 Modules scanning
13:06:47.046 Disk 0 trace - called modules:
13:06:47.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:06:47.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d5ab8]
13:06:47.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a790920]
13:06:47.093 5 PCTCore.sys[b9e3982d] -> nt!IofCallDriver -> \Device\00000082[0x8a85aac0]
13:06:47.093 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a791d98]
13:06:49.578 AVAST engine scan C:\WINDOWS
13:07:27.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\MBR.dat"
13:07:27.453 The log file has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 13:03:41
-----------------------------
13:03:41.671 OS Version: Windows 5.1.2600 Service Pack 3
13:03:41.671 Number of processors: 2 586 0xF0D
13:03:41.671 ComputerName: CROW UserName:
13:03:45.593 Initialize success
13:04:58.015 AVAST engine defs: 12071601
13:05:15.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:05:15.062 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
13:05:15.093 Disk 0 MBR read successfully
13:05:15.093 Disk 0 MBR scan
13:05:15.093 Disk 0 Windows XP default MBR code
13:05:15.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
13:05:15.125 Disk 0 scanning sectors +488263545
13:05:15.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:49.953 Service scanning
13:06:32.578 Modules scanning
13:06:47.046 Disk 0 trace - called modules:
13:06:47.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys
13:06:47.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7d5ab8]
13:06:47.078 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a790920]
13:06:47.093 5 PCTCore.sys[b9e3982d] -> nt!IofCallDriver -> \Device\00000082[0x8a85aac0]
13:06:47.093 7 ACPI.sys[b9f5f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a791d98]
13:06:49.578 AVAST engine scan C:\WINDOWS
13:07:27.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\MBR.dat"
13:07:27.453 The log file has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\aswMBR.txt"
13:07:38.812 AVAST engine scan C:\WINDOWS\system32
13:15:03.156 AVAST engine scan C:\WINDOWS\system32\drivers
13:15:49.031 AVAST engine scan C:\Documents and Settings\Jessica
14:59:36.390 AVAST engine scan C:\Documents and Settings\All Users
15:23:57.078 Scan finished successfully
15:52:18.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\MBR.dat"
15:52:18.515 The log file has been saved successfully to "C:\Documents and Settings\Jessica\Desktop\aswMBR.txt"
sternapple
Regular Member
 
Posts: 24
Joined: July 11th, 2012, 8:05 pm