
MalWare Removal Forum

Malware Removal University - Teaching people how to support those with infected computers - Teaching them to never give up until your computer is clean and secure.



Forum rules


Please read THIS ANNOUNCEMENT before posting your NEW topic about your problem.

Please do NOT reply to your topic until a staff member has responded as they are looking for topics that have ZERO replies.

Paste your logs into your post. DO NOT USE ATTACHMENTS! Logs posted as attachments will be ignored and the topic will be closed.

If no expert has replied after 3 days, and you still require assistance, please post in our 72 hour bump room. Please do NOT reply to your own topic in an attempt to "bump" it. Bumped topics will be closed, requiring you to start again from the beginning.

If you are being helped and you haven't replied to your helper within 3 days of their last post, your topic will be closed as inactive. If that happens, you will need to start a new topic when you have the time available to promptly complete all instructions.

If your topic has been closed due to inactivity, do NOT request that your topic be reopened - we do NOT reopen topics unless they have been closed in error - you will need to start a NEW topic with NEW DDS logs. Do NOT attempt to start a new topic with a post that is essentially a reply to your closed topic.



This topic is locked. [ 11 posts ]
 Post subject: Browser Hijack
Posted: Fri 09 Mar, 2012 6:14 am
Active Member
Joined: Fri 09 Mar, 2012 6:03 am
Posts: 6
Hi all,

It seems that Firefox 10.0.2 has been hijacked (I have not tried other browsers), and AVG (up to date definitions) returns no problems after a full scan. When I use Google, I am sometimes directed to sites other than the one indicated by the result. XP (SP3). Any help would be greatly appreciated.

Thanks,

Colin.

Code:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
Run by Colin at 20:58:51 on 2012-03-08
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.480 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\www.update
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262129548546
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FAF0881-C55E-4C25-B278-E2E141D41D91} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\colin\application data\mozilla\firefox\profiles\4vi4bi4d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-19 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-31 11520]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2012-01-12 16:53:24   1859968   ----a-w-   c:\windows\system32\win32k.sys
2011-12-17 19:46:36   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46:36   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58   385024   ----a-w-   c:\windows\system32\html.iec
2011-12-16 03:40:36   3183330   ----a-w-   c:\documents and settings\all users\SPL190.tmp
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160215A rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85FA049F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85fa7740]; MOV EAX, [0x85fa78b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x867D6AB8]
3 CLASSPNP[0xF78A3FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000058[0x86750F18]
5 ACPI[0xF781A620] -> nt!IofCallDriver[0x804E37D5] -> [0x86782940]
\Driver\atapi[0x8653E898] -> IRP_MJ_CREATE -> 0x85FA049F
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x85FA02C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:01:50.59 ===============


Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2009 3:00:30 PM
System Uptime: 3/8/2012 5:51:08 PM (4 hours ago)
.
Motherboard: Dell Computer Corporation |  | 07W080
Processor:               Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 107.923 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (UDF)
G: is FIXED (NTFS) - 465 GiB total, 424.996 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP614: 12/9/2011 2:56:42 PM - System Checkpoint
RP615: 12/10/2011 3:38:52 PM - System Checkpoint
RP616: 12/11/2011 4:48:21 PM - System Checkpoint
RP617: 12/12/2011 4:52:12 PM - System Checkpoint
RP618: 12/13/2011 6:36:57 PM - System Checkpoint
RP619: 12/15/2011 11:11:05 AM - System Checkpoint
RP620: 12/15/2011 3:15:24 PM - Software Distribution Service 3.0
RP621: 12/17/2011 2:09:51 PM - System Checkpoint
RP622: 12/18/2011 2:34:40 PM - System Checkpoint
RP623: 12/19/2011 5:47:19 PM - System Checkpoint
RP624: 12/22/2011 10:48:46 AM - System Checkpoint
RP625: 12/23/2011 1:32:59 PM - System Checkpoint
RP626: 12/26/2011 3:15:17 PM - System Checkpoint
RP627: 12/27/2011 6:27:06 PM - System Checkpoint
RP628: 12/28/2011 7:42:53 PM - System Checkpoint
RP629: 12/30/2011 2:17:12 PM - System Checkpoint
RP630: 1/1/2012 1:47:38 PM - System Checkpoint
RP631: 1/2/2012 5:20:24 PM - System Checkpoint
RP632: 1/3/2012 7:28:59 PM - System Checkpoint
RP633: 1/5/2012 4:41:33 PM - System Checkpoint
RP634: 1/6/2012 5:40:26 PM - System Checkpoint
RP635: 1/7/2012 5:47:00 PM - System Checkpoint
RP636: 1/8/2012 6:03:11 PM - System Checkpoint
RP637: 1/9/2012 8:45:46 PM - System Checkpoint
RP638: 1/11/2012 12:41:47 PM - System Checkpoint
RP639: 1/12/2012 2:07:13 PM - System Checkpoint
RP640: 1/13/2012 2:55:21 PM - System Checkpoint
RP641: 1/16/2012 5:34:13 PM - System Checkpoint
RP642: 1/17/2012 5:46:37 PM - System Checkpoint
RP643: 1/19/2012 3:02:13 PM - System Checkpoint
RP644: 1/19/2012 9:16:22 PM - Software Distribution Service 3.0
RP645: 1/21/2012 4:52:14 PM - System Checkpoint
RP646: 1/22/2012 6:45:39 PM - System Checkpoint
RP647: 1/23/2012 7:19:40 PM - System Checkpoint
RP648: 1/23/2012 9:11:18 PM - Software Distribution Service 3.0
RP649: 1/25/2012 4:44:39 PM - System Checkpoint
RP650: 1/26/2012 6:59:29 PM - System Checkpoint
RP651: 1/27/2012 7:08:07 PM - System Checkpoint
RP652: 1/29/2012 12:11:05 PM - System Checkpoint
RP653: 1/30/2012 12:14:34 PM - System Checkpoint
RP654: 1/31/2012 4:04:15 PM - System Checkpoint
RP655: 1/31/2012 8:15:24 PM - Software Distribution Service 3.0
RP656: 2/1/2012 3:25:01 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP657: 2/2/2012 3:26:11 PM - System Checkpoint
RP658: 2/3/2012 5:09:53 PM - System Checkpoint
RP659: 2/5/2012 1:51:04 PM - System Checkpoint
RP660: 2/6/2012 5:44:00 PM - System Checkpoint
RP661: 2/7/2012 6:44:04 PM - System Checkpoint
RP662: 2/9/2012 12:02:01 PM - System Checkpoint
RP663: 2/10/2012 3:17:58 PM - System Checkpoint
RP664: 2/11/2012 6:48:17 PM - System Checkpoint
RP665: 2/12/2012 6:57:21 PM - System Checkpoint
RP666: 2/15/2012 11:48:00 AM - System Checkpoint
RP667: 2/15/2012 11:07:50 PM - Software Distribution Service 3.0
RP668: 2/17/2012 5:13:28 PM - System Checkpoint
RP669: 2/19/2012 5:15:48 PM - System Checkpoint
RP670: 2/20/2012 5:57:34 PM - System Checkpoint
RP671: 2/22/2012 10:50:00 AM - System Checkpoint
RP672: 2/23/2012 7:51:25 PM - System Checkpoint
RP673: 2/24/2012 8:20:33 PM - System Checkpoint
RP674: 2/28/2012 8:51:06 AM - System Checkpoint
RP675: 3/1/2012 8:15:33 AM - System Checkpoint
RP676: 3/3/2012 11:58:46 AM - System Checkpoint
RP677: 3/5/2012 9:11:53 AM - System Checkpoint
RP678: 3/6/2012 12:02:47 PM - System Checkpoint
RP679: 3/7/2012 3:05:59 PM - System Checkpoint
RP680: 3/8/2012 4:33:43 PM - System Checkpoint
RP681: 3/8/2012 5:47:32 PM - Restore Operation
RP682: 3/8/2012 8:07:32 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.5.0
Apple Application Support
Apple Software Update
AVG 2012
AVG PC Tuneup 2011
AVG Security Toolbar
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Coupon Printer for Windows
Dell PC Fax
Dell Photo AIO Printer 926
emWave PC
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 26
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Opera 10.50
QuickTime
Revo Uninstaller 1.91
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923789)
Skype™ 5.5
SoundMAX
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 12:40:53 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/8/2012 12:40:53 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/8/2012 12:34:43 PM, error: BROWSER [8007]  - The browser was unable to update the service status bits.  The data is the error.
3/7/2012 2:21:27 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/5/2012 8:53:21 AM, error: Service Control Manager [7034]  - The dlcx_device service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================


Last edited by Col on Mon 12 Mar, 2012 9:33 pm, edited 2 times in total.
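A small triage script for the DDS and GMER output in the post above, added here as an example and not part of the original thread. It flags the lines a helper reads first: orphaned BHO/toolbar registrations ("No File"), a hosts-file entry that sends a site to loopback, a DHCP-supplied DNS server outside private address space, and, in the GMER section, the >>UNKNOWN<< module in the disk I/O path, the atapi DriverStartIo hook and the TDL3 warning. The sample lines are a constructed subset of the log above; the severities and category names are this example's own choices, not anything DDS or GMER emits.

```python
import ipaddress
import re

# Constructed subset of the DDS / GMER output posted above (not the full log).
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TCP: DhcpNameServer = 192.168.1.1
Hosts: 127.0.0.1   www.spywareinfo.com
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85FA049F]<<
\Driver\atapi[0x8653E898] -> IRP_MJ_CREATE -> 0x85FA049F
detected hooks:
\Driver\atapi DriverStartIo -> 0x85FA02C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""

ORPHAN_RE = re.compile(r"^(BHO|TB|EB|mURLSearchHooks):.*-\s*No File$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(\S+)")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\S+)\s+->\s+(0x[0-9A-Fa-f]+)")

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}  # example's own scale


def _finding(severity, category, detail):
    return {"severity": severity, "category": category, "detail": detail}


def triage(log_text):
    """Scan DDS pseudo-HJT and GMER lines; return findings, most severe first."""
    findings = []
    in_hooks = False  # True while inside GMER's "detected hooks:" block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_hooks = False
            continue
        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                # A driver dispatch routine redirected to an address outside any
                # known module: the disk-stack hook GMER bases its TDL3 warning on.
                findings.append(_finding("high", "kernel-hook",
                                         f"{m.group(1)} {m.group(2)} -> {m.group(3)}"))
                continue
            in_hooks = False
        m = UNKNOWN_RE.search(line)
        if m:
            findings.append(_finding("high", "unknown-module",
                                     f"unknown code at {m.group(1)} in disk I/O path"))
            continue
        if line.startswith("Warning:"):
            findings.append(_finding("high", "detector-warning", line))
            continue
        if ORPHAN_RE.match(line):
            # Registrations whose DLL is gone: clean-up items, rarely the infection itself.
            findings.append(_finding("info", "orphan-entry", line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            if ipaddress.ip_address(addr).is_loopback and host != "localhost":
                # Sites redirected to loopback: a common malware trick, but a
                # user-installed blocklist does the same, hence only medium.
                findings.append(_finding("medium", "hosts-redirect", f"{host} -> {addr}"))
            continue
        m = DNS_RE.search(line)
        if m:
            if not ipaddress.ip_address(m.group(1)).is_private:
                # A public resolver handed out by DHCP on a home LAN suggests a DNS changer.
                findings.append(_finding("high", "dns-server", m.group(1)))
            continue
        if line == "user & kernel MBR OK":
            findings.append(_finding("info", "mbr-status", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['category']:16} {f['detail']}")
```

Run as-is it prints the findings for the sample; pass the text of a full DDS.txt to triage() for a real log. The combination it surfaces here, a hooked atapi DriverStartIo while both MBR reads come back clean, is why the helper's next step is a scan-only rootkit tool rather than an immediate fix: the hook lives in the driver stack, so a clean MBR says nothing about it.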

 Post subject: Re: Browser Hijack
Posted: Sat 10 Mar, 2012 2:04 am
MRU Honors Graduate
Joined: Tue 08 Jul, 2008 6:25 pm
Posts: 1680
Location: GMT-05:00
Hello Col,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights (permissions) for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please continue responding until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
 
 Post subject: Re: Browser Hijack
Posted: Sat 10 Mar, 2012 10:14 pm
Active Member
Joined: Fri 09 Mar, 2012 6:03 am
Posts: 6
Hello pgmigg,

Thank you for your reply and welcoming me.

I understand your guidelines and look forward to receiving your help.

Again, thank you.

Col.

 Post subject: Re: Browser Hijack
Posted: Mon 12 Mar, 2012 6:25 am
MRU Honors Graduate
Joined: Tue 08 Jul, 2008 6:25 pm
Posts: 1680
Location: GMT-05:00
Hello Col,

Thank you for your patience... :)

TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click TDSSKiller.exe and select "Run As Administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
    1. If the scan completes with nothing found please
      • Click Report at the right upper corner to open it now.
      • Copy and paste the contents of that report in your next reply and click Close to exit.
    2. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
      • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
      • Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg
 
 Post subject: Re: Browser Hijack
Posted: Mon 12 Mar, 2012 9:14 pm
Active Member
Joined: Fri 09 Mar, 2012 6:03 am
Posts: 6
Hi pgmigg,

I ran the utility but hit the following snags:

* "Can't Initialize Log" - OK

* "Can't Load Driver" - OK

There was a positive result (a root kit of some kind) - I selected "skip", but there was no log. I reran the utility, but it now instantly returns "no threats found" (it clearly does not rerun - even after a reboot).

Thanks.

Post subject: Re: Browser Hijack
Posted: Mon 12 Mar, 2012 9:27 pm
Active Member
Joined: Fri 09 Mar, 2012 6:03 am
Posts: 6
Hi,

Renamed the file and ran it again. This time, I received no warnings. There is no "Report" to click!? In any case, I checked the C drive and both reports were there. Here's the second report:

Code:
13:20:29.0000 1464   TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
13:20:31.0000 1464   ============================================================
13:20:31.0000 1464   Current date / time: 2012/03/12 13:20:31.0000
13:20:31.0000 1464   SystemInfo:
13:20:31.0000 1464   
13:20:31.0000 1464   OS Version: 5.1.2600 ServicePack: 3.0
13:20:31.0000 1464   Product type: Workstation
13:20:31.0000 1464   ComputerName: USER-Q9A3N37BO8
13:20:31.0000 1464   UserName: Colin
13:20:31.0000 1464   Windows directory: C:\WINDOWS
13:20:31.0000 1464   System windows directory: C:\WINDOWS
13:20:31.0000 1464   Processor architecture: Intel x86
13:20:31.0000 1464   Number of processors: 1
13:20:31.0000 1464   Page size: 0x1000
13:20:31.0000 1464   Boot type: Normal boot
13:20:31.0000 1464   ============================================================
13:20:34.0421 1464   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:20:34.0453 1464   Drive \Device\Harddisk1\DR2 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:20:40.0984 1464   \Device\Harddisk0\DR0:
13:20:41.0015 1464   MBR used
13:20:41.0015 1464   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
13:20:41.0015 1464   \Device\Harddisk1\DR2:
13:20:41.0015 1464   MBR used
13:20:41.0015 1464   \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
13:20:41.0156 1464   Initialize success
13:20:41.0156 1464   ============================================================
13:20:46.0875 3048   ============================================================
13:20:46.0875 3048   Scan started
13:20:46.0875 3048   Mode: Manual;
13:20:46.0875 3048   ============================================================
13:20:47.0234 3048   Abiosdsk - ok
13:20:47.0359 3048   abp480n5 - ok
13:20:47.0593 3048   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:20:47.0593 3048   ACPI - ok
13:20:47.0828 3048   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:20:47.0828 3048   ACPIEC - ok
13:20:48.0000 3048   adpu160m - ok
13:20:48.0203 3048   aeaudio         (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
13:20:48.0203 3048   aeaudio - ok
13:20:48.0421 3048   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:20:48.0437 3048   aec - ok
13:20:48.0656 3048   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:20:48.0671 3048   AFD - ok
13:20:48.0828 3048   Aha154x - ok
13:20:48.0953 3048   aic78u2 - ok
13:20:49.0078 3048   aic78xx - ok
13:20:49.0140 3048   AliIde - ok
13:20:49.0234 3048   amsint - ok
13:20:49.0359 3048   asc - ok
13:20:49.0437 3048   asc3350p - ok
13:20:49.0515 3048   asc3550 - ok
13:20:49.0734 3048   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:20:49.0734 3048   AsyncMac - ok
13:20:49.0921 3048   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:20:49.0921 3048   atapi - ok
13:20:50.0078 3048   Atdisk - ok
13:20:50.0234 3048   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:20:50.0250 3048   Atmarpc - ok
13:20:50.0437 3048   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:20:50.0437 3048   audstub - ok
13:20:50.0640 3048   AVGIDSDriver    (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:20:50.0656 3048   AVGIDSDriver - ok
13:20:50.0843 3048   AVGIDSEH        (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:20:50.0843 3048   AVGIDSEH - ok
13:20:51.0000 3048   AVGIDSFilter    (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:20:51.0000 3048   AVGIDSFilter - ok
13:20:51.0187 3048   AVGIDSShim      (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:20:51.0187 3048   AVGIDSShim - ok
13:20:51.0406 3048   Avgldx86        (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:20:51.0421 3048   Avgldx86 - ok
13:20:51.0593 3048   Avgmfx86        (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:20:51.0609 3048   Avgmfx86 - ok
13:20:51.0812 3048   Avgrkx86        (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:20:51.0828 3048   Avgrkx86 - ok
13:20:52.0015 3048   Avgtdix         (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:20:52.0015 3048   Avgtdix - ok
13:20:52.0218 3048   bcm4sbxp        (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
13:20:52.0218 3048   bcm4sbxp - ok
13:20:52.0437 3048   BCMModem        (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
13:20:52.0468 3048   BCMModem - ok
13:20:52.0703 3048   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:20:52.0703 3048   Beep - ok
13:20:52.0875 3048   BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
13:20:52.0906 3048   BVRPMPR5 - ok
13:20:53.0078 3048   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:20:53.0093 3048   cbidf2k - ok
13:20:53.0265 3048   CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:20:53.0265 3048   CCDECODE - ok
13:20:53.0406 3048   cd20xrnt - ok
13:20:53.0546 3048   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:20:53.0546 3048   Cdaudio - ok
13:20:53.0718 3048   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:20:53.0718 3048   Cdfs - ok
13:20:53.0906 3048   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:20:53.0921 3048   Cdrom - ok
13:20:54.0046 3048   Changer - ok
13:20:54.0218 3048   CmdIde - ok
13:20:54.0375 3048   Cpqarray - ok
13:20:54.0546 3048   dac2w2k - ok
13:20:54.0734 3048   dac960nt - ok
13:20:54.0984 3048   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:20:55.0000 3048   Disk - ok
13:20:55.0218 3048   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:20:55.0250 3048   dmboot - ok
13:20:55.0421 3048   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:20:55.0437 3048   dmio - ok
13:20:55.0578 3048   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:20:55.0578 3048   dmload - ok
13:20:55.0796 3048   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:20:55.0796 3048   DMusic - ok
13:20:55.0968 3048   dpti2o - ok
13:20:56.0156 3048   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:20:56.0156 3048   drmkaud - ok
13:20:56.0375 3048   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:20:56.0375 3048   Fastfat - ok
13:20:56.0593 3048   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:20:56.0593 3048   Fdc - ok
13:20:56.0765 3048   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:20:56.0765 3048   Fips - ok
13:20:56.0937 3048   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:20:56.0937 3048   Flpydisk - ok
13:20:57.0140 3048   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:20:57.0187 3048   FltMgr - ok
13:20:57.0359 3048   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:20:57.0359 3048   Fs_Rec - ok
13:20:57.0500 3048   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:20:57.0500 3048   Ftdisk - ok
13:20:57.0671 3048   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:20:57.0671 3048   Gpc - ok
13:20:57.0875 3048   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:20:57.0890 3048   HidUsb - ok
13:20:58.0015 3048   hpn - ok
13:20:58.0140 3048   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:20:58.0156 3048   HTTP - ok
13:20:58.0312 3048   i2omgmt - ok
13:20:58.0437 3048   i2omp - ok
13:20:58.0578 3048   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:20:58.0593 3048   i8042prt - ok
13:20:58.0843 3048   ialm            (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:20:58.0875 3048   ialm - ok
13:20:59.0093 3048   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:20:59.0093 3048   Imapi - ok
13:20:59.0250 3048   ini910u - ok
13:20:59.0437 3048   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:20:59.0437 3048   IntelIde - ok
13:20:59.0609 3048   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:20:59.0609 3048   intelppm - ok
13:20:59.0812 3048   ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:20:59.0812 3048   ip6fw - ok
13:20:59.0968 3048   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:20:59.0984 3048   IpFilterDriver - ok
13:21:00.0171 3048   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:21:00.0171 3048   IpInIp - ok
13:21:00.0343 3048   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:21:00.0359 3048   IpNat - ok
13:21:00.0531 3048   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:21:00.0531 3048   IPSec - ok
13:21:00.0687 3048   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:21:00.0687 3048   IRENUM - ok
13:21:00.0859 3048   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:21:00.0859 3048   isapnp - ok
13:21:01.0015 3048   ISWKL           (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
13:21:01.0031 3048   ISWKL - ok
13:21:01.0234 3048   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:21:01.0234 3048   Kbdclass - ok
13:21:01.0421 3048   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:21:01.0437 3048   kmixer - ok
13:21:01.0593 3048   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:21:01.0625 3048   KSecDD - ok
13:21:01.0796 3048   lbrtfdc - ok
13:21:02.0015 3048   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:21:02.0015 3048   mnmdd - ok
13:21:02.0187 3048   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:21:02.0203 3048   Modem - ok
13:21:02.0359 3048   MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:21:02.0375 3048   MODEMCSA - ok
13:21:02.0546 3048   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:21:02.0562 3048   Mouclass - ok
13:21:02.0734 3048   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:21:02.0734 3048   mouhid - ok
13:21:02.0906 3048   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:21:02.0906 3048   MountMgr - ok
13:21:03.0046 3048   mraid35x - ok
13:21:03.0203 3048   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:21:03.0203 3048   MRxDAV - ok
13:21:03.0390 3048   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:21:03.0406 3048   MRxSmb - ok
13:21:03.0640 3048   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:21:03.0640 3048   Msfs - ok
13:21:03.0843 3048   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:21:03.0843 3048   MSKSSRV - ok
13:21:04.0000 3048   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:21:04.0015 3048   MSPCLOCK - ok
13:21:04.0203 3048   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:21:04.0203 3048   MSPQM - ok
13:21:04.0359 3048   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:21:04.0359 3048   mssmbios - ok
13:21:04.0531 3048   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:21:04.0546 3048   MSTEE - ok
13:21:04.0687 3048   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:21:04.0718 3048   Mup - ok
13:21:04.0906 3048   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:21:04.0921 3048   NABTSFEC - ok
13:21:05.0109 3048   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:21:05.0109 3048   NDIS - ok
13:21:05.0281 3048   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:21:05.0312 3048   NdisIP - ok
13:21:05.0484 3048   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:21:05.0500 3048   NdisTapi - ok
13:21:05.0687 3048   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:21:05.0687 3048   Ndisuio - ok
13:21:05.0921 3048   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:21:05.0921 3048   NdisWan - ok
13:21:06.0109 3048   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:21:06.0125 3048   NDProxy - ok
13:21:06.0281 3048   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:21:06.0296 3048   NetBIOS - ok
13:21:06.0453 3048   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:21:06.0468 3048   NetBT - ok
13:21:06.0718 3048   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:21:06.0718 3048   Npfs - ok
13:21:06.0953 3048   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:21:06.0984 3048   Ntfs - ok
13:21:07.0171 3048   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:21:07.0203 3048   Null - ok
13:21:07.0359 3048   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:21:07.0390 3048   NwlnkFlt - ok
13:21:07.0546 3048   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:21:07.0546 3048   NwlnkFwd - ok
13:21:07.0765 3048   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:21:07.0781 3048   Parport - ok
13:21:07.0953 3048   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:21:07.0953 3048   PartMgr - ok
13:21:08.0125 3048   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:21:08.0125 3048   ParVdm - ok
13:21:08.0328 3048   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:21:08.0343 3048   PCI - ok
13:21:08.0437 3048   PCIDump - ok
13:21:08.0578 3048   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:21:08.0593 3048   PCIIde - ok
13:21:08.0750 3048   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:21:08.0750 3048   Pcmcia - ok
13:21:08.0921 3048   PDCOMP - ok
13:21:09.0093 3048   PDFRAME - ok
13:21:09.0250 3048   PDRELI - ok
13:21:09.0375 3048   PDRFRAME - ok
13:21:09.0453 3048   perc2 - ok
13:21:09.0546 3048   perc2hib - ok
13:21:09.0765 3048   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:21:09.0765 3048   PptpMiniport - ok
13:21:10.0000 3048   Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:21:10.0000 3048   Processor - ok
13:21:10.0203 3048   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:21:10.0203 3048   PSched - ok
13:21:10.0390 3048   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:21:10.0390 3048   Ptilink - ok
13:21:10.0562 3048   PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:21:10.0609 3048   PxHelp20 - ok
13:21:10.0765 3048   ql1080 - ok
13:21:10.0890 3048   Ql10wnt - ok
13:21:10.0984 3048   ql12160 - ok
13:21:11.0109 3048   ql1240 - ok
13:21:11.0171 3048   ql1280 - ok
13:21:11.0359 3048   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:21:11.0359 3048   RasAcd - ok
13:21:11.0562 3048   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:21:11.0562 3048   Rasl2tp - ok
13:21:11.0781 3048   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:21:11.0796 3048   RasPppoe - ok
13:21:12.0015 3048   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:21:12.0015 3048   Raspti - ok
13:21:12.0203 3048   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:21:12.0218 3048   Rdbss - ok
13:21:12.0390 3048   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:21:12.0390 3048   RDPCDD - ok
13:21:12.0578 3048   RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:21:12.0593 3048   RDPWD - ok
13:21:12.0765 3048   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:21:12.0765 3048   redbook - ok
13:21:13.0046 3048   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:21:13.0046 3048   Secdrv - ok
13:21:13.0250 3048   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:21:13.0250 3048   serenum - ok
13:21:13.0421 3048   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:21:13.0421 3048   Serial - ok
13:21:13.0640 3048   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:21:13.0640 3048   Sfloppy - ok
13:21:13.0781 3048   Simbad - ok
13:21:13.0906 3048   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:21:13.0937 3048   SLIP - ok
13:21:14.0140 3048   smwdm           (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
13:21:14.0203 3048   smwdm - ok
13:21:14.0328 3048   Sparrow - ok
13:21:14.0468 3048   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:21:14.0468 3048   splitter - ok
13:21:14.0671 3048   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:21:14.0671 3048   sr - ok
13:21:14.0859 3048   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:21:14.0875 3048   Srv - ok
13:21:15.0062 3048   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:21:15.0062 3048   streamip - ok
13:21:15.0250 3048   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:21:15.0250 3048   swenum - ok
13:21:15.0437 3048   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:21:15.0437 3048   swmidi - ok
13:21:15.0609 3048   symc810 - ok
13:21:15.0734 3048   symc8xx - ok
13:21:15.0812 3048   sym_hi - ok
13:21:15.0890 3048   sym_u3 - ok
13:21:16.0140 3048   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:21:16.0140 3048   sysaudio - ok
13:21:16.0343 3048   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:21:16.0406 3048   Tcpip - ok
13:21:16.0593 3048   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:21:16.0609 3048   TDPIPE - ok
13:21:16.0765 3048   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:21:16.0765 3048   TDTCP - ok
13:21:16.0937 3048   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:21:16.0937 3048   TermDD - ok
13:21:17.0093 3048   TosIde - ok
13:21:17.0250 3048   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:21:17.0250 3048   Udfs - ok
13:21:17.0390 3048   ultra - ok
13:21:17.0578 3048   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:21:17.0593 3048   Update - ok
13:21:17.0796 3048   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:21:17.0796 3048   usbaudio - ok
13:21:17.0968 3048   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:21:17.0968 3048   usbccgp - ok
13:21:18.0156 3048   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:21:18.0156 3048   usbehci - ok
13:21:18.0343 3048   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:21:18.0343 3048   usbhub - ok
13:21:18.0531 3048   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:21:18.0531 3048   usbprint - ok
13:21:18.0718 3048   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:21:18.0718 3048   usbscan - ok
13:21:18.0906 3048   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:21:18.0906 3048   USBSTOR - ok
13:21:19.0140 3048   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:21:19.0140 3048   usbuhci - ok
13:21:19.0343 3048   usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:21:19.0359 3048   usbvideo - ok
13:21:19.0531 3048   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:21:19.0531 3048   VgaSave - ok
13:21:19.0687 3048   ViaIde - ok
13:21:19.0843 3048   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:21:19.0843 3048   VolSnap - ok
13:21:20.0031 3048   Vsdatant        (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
13:21:20.0109 3048   Vsdatant - ok
13:21:20.0328 3048   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:21:20.0328 3048   Wanarp - ok
13:21:20.0515 3048   WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
13:21:20.0515 3048   WDC_SAM - ok
13:21:20.0687 3048   WDICA - ok
13:21:20.0859 3048   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:21:20.0859 3048   wdmaud - ok
13:21:21.0156 3048   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:21:21.0156 3048   WS2IFSL - ok
13:21:21.0343 3048   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:21:21.0343 3048   WSTCODEC - ok
13:21:21.0515 3048   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:21:21.0578 3048   WudfPf - ok
13:21:21.0734 3048   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:21:21.0750 3048   WudfRd - ok
13:21:21.0843 3048   MBR (0x1B8)     (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
13:21:21.0875 3048   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:21:21.0875 3048   \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:21:21.0890 3048   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:21:21.0906 3048   \Device\Harddisk1\DR2 - ok
13:21:21.0921 3048   Boot (0x1200)   (a9e4d2e6ee6549c24a61f95dc07d89a7) \Device\Harddisk0\DR0\Partition0
13:21:21.0921 3048   \Device\Harddisk0\DR0\Partition0 - ok
13:21:21.0937 3048   Boot (0x1200)   (12465cb012d0ff36e8a8e89b655ef92a) \Device\Harddisk1\DR2\Partition0
13:21:21.0937 3048   \Device\Harddisk1\DR2\Partition0 - ok
13:21:21.0937 3048   ============================================================
13:21:21.0937 3048   Scan finished
13:21:21.0953 3048   ============================================================
13:21:21.0984 2888   Detected object count: 1
13:21:21.0984 2888   Actual detected object count: 1
13:21:36.0437 2888   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
13:21:36.0437 2888   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip


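pgmigg's instructions above say the report is written to the root of C:\ as TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt, and Colin's pasted report shows what is worth pulling out of it when triaging a boot-sector rootkit: the MD5 TDSSKiller records for each driver, MBR and volume boot sector, and the verdict lines ("- ok", "( Threat ) - infected", "- skipped by user"). The script below is an added example, not TDSSKiller code and not one of this forum's tools. The regular expressions are modelled on the 2.7.20.0 log format quoted in this thread rather than on any published specification, the SAMPLE_LOG is a constructed excerpt reusing lines from the report above, and the two log filenames in the usage are constructed to match the naming pattern pgmigg described.

```python
"""Summarise a TDSSKiller scan log: hashed boot sectors, verdicts, detections.

Added example for this thread; not part of TDSSKiller or the forum's tools.
The patterns follow the 2.7.20.0 log format quoted in the thread (an assumption,
not a documented format).
"""
import re
from datetime import datetime

# Constructed excerpt, reusing lines from the report posted in this thread.
SAMPLE_LOG = r"""
13:20:29.0000 1464   TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
13:20:31.0000 1464   OS Version: 5.1.2600 ServicePack: 3.0
13:20:47.0593 3048   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:20:47.0593 3048   ACPI - ok
13:21:21.0843 3048   MBR (0x1B8)     (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
13:21:21.0875 3048   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:21:21.0875 3048   \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:21:21.0890 3048   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:21:21.0906 3048   \Device\Harddisk1\DR2 - ok
13:21:21.0921 3048   Boot (0x1200)   (a9e4d2e6ee6549c24a61f95dc07d89a7) \Device\Harddisk0\DR0\Partition0
13:21:21.0921 3048   \Device\Harddisk0\DR0\Partition0 - ok
13:21:21.0984 2888   Detected object count: 1
13:21:36.0437 2888   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
"""

# Every line: "HH:MM:SS.ffff  PID   message"
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "NAME (md5) path": a hashed object (driver file, MBR or volume boot sector)
HASH_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "object ( ThreatName ) - verdict"
THREAT_RE = re.compile(r"^(?P<obj>.+?)\s+\(\s*(?P<threat>\S+)\s*\)\s+-\s+(?P<verdict>.+)$")
# "object - ok"
OK_RE = re.compile(r"^(?P<obj>.+?)\s+-\s+ok$")
# Report file name as described in the thread: TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
LOGNAME_RE = re.compile(
    r"^TDSSKiller_(?P<ver>[\d.]+)_(?P<stamp>\d\d\.\d\d\.\d{4}_\d\d\.\d\d\.\d\d)_log\.txt$")


def summarise(log_text):
    """Return {'objects', 'detections', 'clean'} parsed from a TDSSKiller log."""
    objects, detections, clean = {}, [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"].rstrip()
        h = HASH_RE.match(msg)
        if h:
            objects[h["path"]] = {"name": h["name"], "md5": h["md5"]}
            continue
        t = THREAT_RE.match(msg)
        if t:
            detections.append({
                "time": m["time"],
                "object": t["obj"],
                "threat": t["threat"],
                "verdict": t["verdict"],
                # MD5 recorded for this object earlier in the log, if it was hashed
                "md5": objects.get(t["obj"], {}).get("md5"),
            })
            continue
        if OK_RE.match(msg):
            clean += 1
    return {"objects": objects, "detections": detections, "clean": clean}


def boot_sector_hashes(summary):
    """MD5s TDSSKiller recorded for each MBR and volume boot sector.

    These are the values to compare against a scan taken after cleaning or a
    rebuild: an MBR hash that changes without explanation deserves a second look.
    """
    return {path: o["md5"] for path, o in summary["objects"].items()
            if o["name"].startswith(("MBR", "Boot"))}


def last_verdict(summary):
    """Latest verdict per flagged object (e.g. 'skipped by user' after 'infected')."""
    return {d["object"]: d["verdict"] for d in summary["detections"]}


def latest_log(filenames):
    """Pick the newest TDSSKiller report among filenames by the timestamp in its name."""
    dated = []
    for name in filenames:
        m = LOGNAME_RE.match(name)
        if m:
            dated.append((datetime.strptime(m["stamp"], "%d.%m.%Y_%H.%M.%S"), name))
    return max(dated)[1] if dated else None


if __name__ == "__main__":
    # Constructed filenames following the pattern described in the thread.
    print("newest report:", latest_log(["TDSSKiller_2.7.20.0_12.03.2012_13.05.01_log.txt",
                                        "TDSSKiller_2.7.20.0_12.03.2012_13.20.29_log.txt"]))
    s = summarise(SAMPLE_LOG)
    for path, md5 in boot_sector_hashes(s).items():
        print(f"{md5}  {path}")
    for d in s["detections"]:
        print(f"{d['time']} {d['object']}: {d['threat']} - {d['verdict']}")
    print(f"{s['clean']} objects ok, {len(s['detections'])} detection lines")
```

Run against the full report above, the summary shows one object with a non-ok verdict, the MBR of \Device\Harddisk0\DR0, and its last verdict is "skipped by user", which is exactly why the scan was run with Skip selected: the log documents the finding and the boot-sector hashes before anything is changed, so a helper can decide on a cure versus a rebuild with the evidence in hand.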
Post subject: Re: Browser Hijack
Posted: Mon 12 Mar, 2012 9:49 pm
MRU Honors Graduate
Joined: Tue 08 Jul, 2008 6:25 pm
Posts: 1680
Location: GMT-05:00
Hello Col,

Rootkit Warning

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
Restoring your backups

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

Thanks,
pgmigg

Post subject: Re: Browser Hijack
Posted: Mon 12 Mar, 2012 9:55 pm
Active Member
Joined: Fri 09 Mar, 2012 6:03 am
Posts: 6
Understood. I'll log in shortly from another computer.

Thanks.

Post subject: Re: Browser Hijack
Posted: Thu 15 Mar, 2012 12:33 am
Active Member
Joined: Fri 09 Mar, 2012 6:03 am
Posts: 6
Hi,

I was wondering, before I reformat and reinstall Windows: what's the chance of determining how the rootkit got onto the system?

Thanks,

Colin.

Post subject: Re: Browser Hijack
Posted: Thu 15 Mar, 2012 7:17 pm
MRU Honors Graduate
Joined: Tue 08 Jul, 2008 6:25 pm
Posts: 1680
Location: GMT-05:00
Hello Col,

I appreciate your decision to reformat and reinstall. At least you can be sure that your computer is not compromised anymore... :D
Quote:
I was wondering, before I reformat and reinstall Windows: what's the chance of determining how the rootkit got onto the system?
I don't think that there is adequate explanation to answer your question.

Finally, please click HERE to find a short guide to staying safer online and, if possible, avoid another chance of receiving a Rootkit or any other infection.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Post subject: Re: Browser Hijack
Posted: Mon 19 Mar, 2012 8:58 am
Admin/Teacher
Joined: Sat 28 Feb, 2009 9:38 pm
Posts: 7372
Location: UK
As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
