Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet Redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Internet Redirects

Unread postby GradStudent » May 30th, 2010, 12:31 am

Results of new look.txt:

Volume in drive C has no label.
Volume Serial Number is 9464-AE67

Directory of C:\Documents and Settings\Doug and Becky\Local Settings\Application Data\cenprgbgk

05/14/2010 02:47 AM <DIR> .
05/14/2010 02:47 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 50,886,373,376 bytes free
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm
Advertisement
Register to Remove

Re: Internet Redirects

Unread postby GradStudent » May 30th, 2010, 12:40 am

The most recent MBAM report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4136

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/24/2010 1:56:13 AM
mbam-log-2010-05-24 (01-56-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 237982
Time elapsed: 2 hour(s), 39 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby GradStudent » May 30th, 2010, 12:46 am

SysProt log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F7AB097E
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateThread
Address: F7AB0974
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteKey
Address: F7AB0983
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: F7AB098D
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeviceIoControlFile
Address: F7B2925D
Driver Base: F7B1F000
Driver End: F7B38000
Driver Name: IPVNMon.sys

Function Name: ZwLoadKey
Address: F7AB0992
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7AB0960
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F7AB0965
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwReplaceKey
Address: F7AB099C
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwRestoreKey
Address: F7AB0997
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7AB0988
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: F7AB096F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: DOUGSPC:2856
Remote Address: LAX04S01-IN-F137.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DOUGSPC:2853
Remote Address: LAX04S01-IN-F101.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DOUGSPC:2852
Remote Address: PW-IN-F139.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DOUGSPC:2851
Remote Address: LAX04S01-IN-F104.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DOUGSPC:2850
Remote Address: LAX04S01-IN-F104.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DOUGSPC:2849
Remote Address: STYLETOWN.RU:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: DOUGSPC:2848
Remote Address: LAX04S01-IN-F101.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: DOUGSPC:1314
Remote Address: UNKNOWN.IAD.SCNET.NET:HTTP
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: ESTABLISHED

Local Address: DOUGSPC:1041
Remote Address: A65.197.244.80.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Common Files\Java\Java Update\jucheck.exe
State: CLOSE_WAIT

Local Address: DOUGSPC:1033
Remote Address: LAX04S01-IN-F104.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
State: CLOSE_WAIT

Local Address: DOUGSPC:1031
Remote Address: 65.19.143.88:HTTP
Type: TCP
Process: C:\Program Files\Dell\Media Experience\PCMService.exe
State: CLOSE_WAIT

Local Address: DOUGSPC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DOUGSPC:27015
Remote Address: LOCALHOST:1029
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: DOUGSPC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING

Local Address: DOUGSPC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: DOUGSPC:5152
Remote Address: LOCALHOST:2629
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: DOUGSPC:5152
Remote Address: LOCALHOST:2628
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: DOUGSPC:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: DOUGSPC:2632
Remote Address: LOCALHOST:2631
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DOUGSPC:2631
Remote Address: LOCALHOST:2632
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DOUGSPC:2627
Remote Address: LOCALHOST:2626
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DOUGSPC:2626
Remote Address: LOCALHOST:2627
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: DOUGSPC:1030
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\alg.exe
State: LISTENING

Local Address: DOUGSPC:1029
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: DOUGSPC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: DOUGSPC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: LISTENING

Local Address: DOUGSPC:64245
Remote Address: NA
Type: UDP
Process: C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
State: NA

Local Address: DOUGSPC:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DOUGSPC:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DOUGSPC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DOUGSPC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: DOUGSPC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DOUGSPC:64245
Remote Address: NA
Type: UDP
Process: C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
State: NA

Local Address: DOUGSPC:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DOUGSPC:1232
Remote Address: NA
Type: UDP
Process: C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
State: NA

Local Address: DOUGSPC:1229
Remote Address: NA
Type: UDP
Process: C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
State: NA

Local Address: DOUGSPC:1228
Remote Address: NA
Type: UDP
Process: C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
State: NA

Local Address: DOUGSPC:1044
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DOUGSPC:1034
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: DOUGSPC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\svchost.exe
State: NA

Local Address: DOUGSPC:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: DOUGSPC:1230
Remote Address: NA
Type: UDP
Process: C:\Documents and Settings\Doug and Becky\Application Data\mjusbsp\magicJack.exe
State: NA

Local Address: DOUGSPC:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: DOUGSPC:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\SYSTEM32\lsass.exe
State: NA

Local Address: DOUGSPC:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby GradStudent » May 30th, 2010, 12:51 am

RE redirects:

Both Firefox and Internet Explorer web browsers are on our PC, but we normally only use Firefox, so we don't know if the same problem occurs in IE.
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » May 30th, 2010, 12:41 pm

Hello GradStudent :),

I need you to try Internet Explorer to see if any redirects are happening.

--------------------

Check some files with OTL
  • Double click on OTL.exe to run it.
  • Make sure all the None options is checked (ticked). There are eight of them.
  • Copy and paste the following text into the white box below Custom Scans/Fixes:
    Code: Select all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /180
    
    DRIVERS32
  • Click on Run Scan at the top left hand corner.
  • When done, the OTL.txt file will open. Please post back the contents of this log.

--------------------

Please post back:
1. information about any redirects in IE
2. OTL log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 1st, 2010, 1:08 am

It turns out we are having the same problem with redirects with Internet Explorer as with Firefox.
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby GradStudent » June 1st, 2010, 1:12 am

Results of OTL.exe (I made sure all eight radio buttons were set to "None," but when the scan began, it changed the Standard Registry radio button back to "All"):

OTL logfile created on: 5/31/2010 10:08:32 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Doug and Becky\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.94 Gb Total Space | 47.29 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOUGSPC
Current User Name: Doug and Becky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/18 17:57:01 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/05/18 05:08:49 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2004/12/11 19:25:11 | 000,001,024 | ---- | M] () -- C:\callerid.fic
[2004/08/10 12:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/11 21:24:19 | 000,009,404 | ---- | M] () -- C:\CTSUFile.txt
[2006/05/23 19:09:38 | 000,002,335 | ---- | M] () -- C:\dadc0cb1-5c54-401e-9b74-10cbca3816e7.cab
[2004/11/29 04:58:36 | 000,004,543 | RH-- | M] () -- C:\DELL.SDR
[2010/05/31 21:42:31 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 12:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/11/29 05:30:13 | 000,000,749 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 12:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/20 21:08:47 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/05/31 21:42:29 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2004/11/29 05:30:24 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2006/05/19 19:40:42 | 000,000,172 | ---- | M] () -- C:\threatalerts.txt

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /180 >
[2009/12/07 23:33:15 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
[2009/12/31 09:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys

< >
< End of report >
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » June 1st, 2010, 5:57 am

Hello GradStudent :),

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
  • Unzip TDSSKiller.exe from the zip file to the desktop.
  • Double click on TDSSKiller.exe to execute it.
  • You may be prompted to restart your computer during the disinfection process, please consent.
  • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.3.0.0_24.05.2010_15.31.43_log.txt.
  • Please post the contents of this log.

--------------------

Please post back:
1. the TDSSKiller log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 1st, 2010, 1:54 pm

TDSSKiller log:

10:43:19:578 0268 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
10:43:19:578 0268 ================================================================================
10:43:19:578 0268 SystemInfo:

10:43:19:578 0268 OS Version: 5.1.2600 ServicePack: 3.0
10:43:19:578 0268 Product type: Workstation
10:43:19:578 0268 ComputerName: DOUGSPC
10:43:19:593 0268 UserName: Doug and Becky
10:43:19:593 0268 Windows directory: C:\WINDOWS
10:43:19:593 0268 Processor architecture: Intel x86
10:43:19:593 0268 Number of processors: 1
10:43:19:593 0268 Page size: 0x1000
10:43:19:593 0268 Boot type: Normal boot
10:43:19:593 0268 ================================================================================
10:43:20:078 0268 Initialize success
10:43:20:078 0268
10:43:20:078 0268 Scanning Services ...
10:43:20:562 0268 Raw services enum returned 364 services
10:43:20:593 0268
10:43:20:593 0268 Scanning Drivers ...
10:43:22:640 0268 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:43:22:750 0268 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:43:22:875 0268 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:43:23:031 0268 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:43:23:140 0268 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:43:23:328 0268 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:43:23:515 0268 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
10:43:23:687 0268 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:43:23:906 0268 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:43:24:015 0268 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:43:24:125 0268 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:43:24:234 0268 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:43:24:359 0268 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:43:24:468 0268 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:43:24:593 0268 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:43:24:703 0268 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:43:25:125 0268 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:43:25:343 0268 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:43:25:468 0268 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:43:25:578 0268 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:43:25:734 0268 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:43:25:859 0268 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:43:25:968 0268 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:43:26:140 0268 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
10:43:26:359 0268 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:43:26:468 0268 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:43:26:640 0268 bcm4sbxp (068523d2cd260069b19ad68adea0d739) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:43:26:781 0268 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:43:26:906 0268 bvrp_pci (c915a416f265149471d74e0815c928b2) C:\WINDOWS\system32\drivers\bvrp_pci.sys
10:43:27:046 0268 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:43:27:125 0268 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:43:27:234 0268 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:43:27:375 0268 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:43:27:453 0268 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:43:27:625 0268 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:43:27:843 0268 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:43:28:031 0268 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:43:28:062 0268 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:43:28:203 0268 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:43:28:312 0268 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:43:28:421 0268 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:43:28:609 0268 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:43:28:828 0268 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:43:28:984 0268 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:43:29:140 0268 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:43:29:296 0268 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
10:43:29:453 0268 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
10:43:29:593 0268 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:43:29:687 0268 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:43:29:890 0268 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
10:43:30:000 0268 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
10:43:30:156 0268 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:43:30:250 0268 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
10:43:30:406 0268 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:43:30:562 0268 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:43:30:734 0268 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:43:30:906 0268 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:43:31:046 0268 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:43:31:203 0268 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:43:31:281 0268 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:43:31:406 0268 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:43:31:531 0268 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:43:31:687 0268 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:43:31:875 0268 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:43:32:046 0268 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:43:32:187 0268 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:43:32:312 0268 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:43:32:468 0268 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:43:32:578 0268 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:43:32:906 0268 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:43:33:109 0268 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:43:33:250 0268 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:43:33:406 0268 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
10:43:33:656 0268 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
10:43:33:890 0268 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
10:43:34:031 0268 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:43:34:140 0268 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:43:34:296 0268 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:43:34:421 0268 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:43:34:546 0268 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:43:34:734 0268 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:43:34:859 0268 IPSec (b3060156df30317b2177bfb2289d83db) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:43:34:875 0268 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: b3060156df30317b2177bfb2289d83db, Fake md5: 23c74d75e36e7158768dd63d92789a91
10:43:34:875 0268 File "C:\WINDOWS\system32\DRIVERS\ipsec.sys" infected by TDSS rootkit ... 10:43:37:093 0268 Backup copy found, using it..
10:43:37:125 0268 will be cured on next reboot
10:43:37:281 0268 IPVNMon (0b46016d4df29ff99edb33fadb643cbb) C:\WINDOWS\system32\drivers\IPVNMon.sys
10:43:37:437 0268 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:43:37:562 0268 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:43:37:765 0268 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:43:37:921 0268 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:43:38:140 0268 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
10:43:38:281 0268 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:43:38:453 0268 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:43:38:609 0268 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:43:38:750 0268 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:43:38:890 0268 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
10:43:39:046 0268 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
10:43:39:265 0268 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:43:39:406 0268 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:43:39:578 0268 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:43:39:687 0268 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:43:39:796 0268 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:43:39:859 0268 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:43:40:218 0268 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:43:40:343 0268 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:43:40:500 0268 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:43:40:593 0268 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:43:40:750 0268 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:43:40:875 0268 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:43:41:031 0268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:43:41:156 0268 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:43:41:328 0268 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
10:43:41:421 0268 MxlW2k (a1520761f42dbb06db7929d6fa9753ea) C:\WINDOWS\system32\drivers\MxlW2k.sys
10:43:41:562 0268 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:43:41:734 0268 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:43:41:843 0268 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:43:41:968 0268 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:43:42:250 0268 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:43:42:859 0268 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:43:43:390 0268 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
10:43:43:625 0268 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:43:43:765 0268 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:43:43:937 0268 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:43:44:125 0268 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:43:44:234 0268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:43:44:421 0268 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:43:44:656 0268 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:43:44:796 0268 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:43:44:937 0268 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
10:43:45:093 0268 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:43:45:218 0268 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:43:45:343 0268 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:43:45:484 0268 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:43:45:640 0268 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:43:45:734 0268 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:43:46:062 0268 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:43:46:171 0268 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:43:46:328 0268 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:43:46:468 0268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:43:46:593 0268 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:43:46:734 0268 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:43:46:890 0268 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:43:47:000 0268 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:43:47:171 0268 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:43:47:281 0268 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:43:47:390 0268 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:43:47:468 0268 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:43:47:609 0268 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:43:47:734 0268 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:43:47:921 0268 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:43:48:109 0268 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:43:48:218 0268 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:43:48:328 0268 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:43:48:500 0268 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
10:43:48:625 0268 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:43:48:796 0268 RTL8187B (4e812ac89eec95aac9cacea29a0f8dc8) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
10:43:48:953 0268 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:43:49:187 0268 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
10:43:49:359 0268 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:43:49:500 0268 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:43:49:640 0268 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:43:49:828 0268 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:43:49:937 0268 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:43:50:109 0268 smwdm (479533bacc58b1edf916855bcd139556) C:\WINDOWS\system32\drivers\smwdm.sys
10:43:50:234 0268 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:43:50:359 0268 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:43:50:515 0268 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:43:50:640 0268 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
10:43:50:765 0268 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
10:43:50:875 0268 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:43:51:015 0268 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
10:43:51:171 0268 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:43:51:281 0268 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:43:51:421 0268 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:43:51:531 0268 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:43:51:593 0268 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:43:51:609 0268 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:43:51:640 0268 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:43:51:703 0268 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:43:51:875 0268 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:43:52:046 0268 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:43:52:187 0268 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:43:52:359 0268 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:43:52:484 0268 tfsnboio (75b30b9ea32fe7d8bbc332d3b944ad46) C:\WINDOWS\system32\dla\tfsnboio.sys
10:43:52:609 0268 tfsncofs (b811a431b14694d88eb5befaa55b4501) C:\WINDOWS\system32\dla\tfsncofs.sys
10:43:52:734 0268 tfsndrct (f5e2cf2144f1fe51dadd6e9063d311eb) C:\WINDOWS\system32\dla\tfsndrct.sys
10:43:52:906 0268 tfsndres (e32b32045b6b914fd4caae8be6ca7e8a) C:\WINDOWS\system32\dla\tfsndres.sys
10:43:53:078 0268 tfsnifs (43034b10a94d1c6f13a1a0e848f51226) C:\WINDOWS\system32\dla\tfsnifs.sys
10:43:53:218 0268 tfsnopio (f5ee0faafde37326ea35acbfa5defd3d) C:\WINDOWS\system32\dla\tfsnopio.sys
10:43:53:343 0268 tfsnpool (597348eb65b3e19709e9a45ca2b30b61) C:\WINDOWS\system32\dla\tfsnpool.sys
10:43:53:468 0268 tfsnudf (767affd52432a0f7e7d39f6ff64401f4) C:\WINDOWS\system32\dla\tfsnudf.sys
10:43:53:593 0268 tfsnudfa (2806b2fd00263ccd90cc0638c6139eb0) C:\WINDOWS\system32\dla\tfsnudfa.sys
10:43:53:765 0268 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:43:53:875 0268 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:43:54:046 0268 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:43:54:171 0268 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:43:54:359 0268 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:43:54:468 0268 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:43:54:593 0268 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:43:54:734 0268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:43:54:890 0268 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:43:55:078 0268 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:43:55:250 0268 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:43:55:375 0268 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
10:43:55:546 0268 VF0350Afx (e8532ccc886588219bceb3ea6f9f5339) C:\WINDOWS\system32\Drivers\V0350Afx.sys
10:43:55:703 0268 VF0350Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\V0350VFx.sys
10:43:55:828 0268 VF0350Vid (f9a3663065a897cec4a48c9854b35cd3) C:\WINDOWS\system32\DRIVERS\V0350Vid.sys
10:43:56:000 0268 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:43:56:156 0268 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:43:56:312 0268 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:43:56:515 0268 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:43:56:640 0268 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:43:56:875 0268 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:43:57:062 0268 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:43:57:250 0268 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:43:57:453 0268 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:43:57:625 0268 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys
10:43:57:796 0268 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys
10:43:57:859 0268 Reboot required for cure complete..
10:43:58:312 0268 Cure on reboot scheduled successfully
10:43:58:312 0268
10:43:58:312 0268 Completed
10:43:58:312 0268
10:43:58:312 0268 Results:
10:43:58:312 0268 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:43:58:312 0268 File objects infected / cured / cured on reboot: 1 / 0 / 1
10:43:58:312 0268
10:43:58:328 0268 KLMD(ARK) unloaded successfully
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » June 1st, 2010, 8:03 pm

Hello GradStudent :),

Please download ComboFix© by sUBs from one of the links below and save it to your desktop.

Link 1
Link 2

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Install Recovery Console and run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
  • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Enable back your security softwares as soon as you completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here if you need help.

--------------------

Please post back:
1. the ComboFix log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby Jack&Jill » June 3rd, 2010, 9:10 pm

Hello GradStudent :),

It has been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 4th, 2010, 1:29 am

Our apologies for any delay. I am completing the most recent tasks sent to us and I will post the reports very shortly.
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby GradStudent » June 4th, 2010, 2:24 am

Combofix log.txt report:

ComboFix 10-06-03.01 - Doug and Becky 06/03/2010 22:39:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.849 [GMT -7:00]
Running from: c:\documents and settings\Doug and Becky\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Setup.exe
c:\documents and settings\Doug and Becky\Recent\Thumbs.db
c:\windows\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-03 23:51 . 2010-06-03 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-06-01 13:20 . 2010-06-01 13:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 02:27 . 2010-05-29 02:27 -------- d-----w- C:\_OTL
2010-05-29 02:23 . 2010-05-29 02:23 -------- d-----w- c:\program files\ERUNT
2010-05-26 02:56 . 2010-05-26 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-25 03:48 . 2010-05-25 03:48 -------- d-----w- c:\program files\trendmicro
2010-05-18 16:11 . 2010-05-18 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-18 16:06 . 2010-05-18 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Malwarebytes
2010-05-18 13:06 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 13:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 09:45 . 2010-05-14 09:47 -------- d-----w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\cenprgbgk
2010-05-14 04:46 . 2010-05-14 04:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-14 04:46 . 2010-05-14 04:47 -------- d-----w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\Temp
2010-05-10 22:54 . 2010-05-10 22:54 -------- d-----w- c:\program files\JRE
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\readmes
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\redist
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\licenses

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 22:18 . 2009-08-29 01:12 1 ----a-w- c:\documents and settings\Doug and Becky\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-01 17:49 . 2009-08-29 19:26 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\mjusbsp
2010-06-01 17:45 . 2004-08-04 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-06-01 13:20 . 2008-07-24 13:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 03:48 . 2010-05-25 03:48 388096 ----a-r- c:\documents and settings\Doug and Becky\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 02:39 . 2010-05-25 02:39 348160 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\msvcr71.dll
2010-05-25 02:39 . 2010-05-25 02:39 503808 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\msvcp71.dll
2010-05-25 02:39 . 2010-05-25 02:39 499712 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\jmc.dll
2010-05-25 02:39 . 2010-05-25 02:39 61440 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65fbe609-n\decora-sse.dll
2010-05-25 02:39 . 2010-05-25 02:39 12800 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65fbe609-n\decora-d3d.dll
2010-05-18 16:09 . 2004-12-02 20:57 103256 ----a-w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 04:47 . 2007-03-24 21:28 -------- d-----w- c:\program files\Google
2010-05-13 21:10 . 2009-10-13 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 18:21 . 2009-10-02 21:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 04:01 . 2009-08-29 01:45 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Skype
2010-05-10 22:54 . 2009-08-29 01:07 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-10 22:42 . 2008-07-24 13:05 -------- d-----w- c:\program files\Java
2010-05-01 04:07 . 2010-05-01 04:05 -------- d-----w- c:\program files\iTunes
2010-05-01 04:05 . 2010-05-01 04:05 -------- d-----w- c:\program files\iPod
2010-05-01 04:05 . 2010-03-01 01:17 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 03:56 . 2010-05-01 03:56 -------- d-----w- c:\program files\Bonjour
2010-05-01 03:54 . 2010-05-01 03:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-23 04:19 . 2009-10-13 01:45 -------- d-----w- c:\program files\Microsoft Works
2010-04-23 04:18 . 2010-04-23 04:18 -------- d-----w- c:\program files\MSBuild
2010-04-17 05:05 . 2010-03-01 01:34 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Apple Computer
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-02 13:09 . 2010-02-02 13:09 135558563 ----a-w- c:\program files\openofficeorg1.cab
2010-02-02 13:09 . 2010-02-02 13:09 10177536 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 23:27 . 2010-02-01 23:27 290 ----a-w- c:\program files\setup.ini
2009-10-13 00:55 . 2009-10-13 00:37 526428264 ----a-w- c:\program files\X12-30307.exe
2007-09-20 20:07 . 2007-09-20 20:04 124607748 ----a-w- c:\program files\OOo_2.3.0_Win32Intel_install_wJRE_en-US.exe
2007-06-17 21:28 . 2007-06-17 21:28 1626624 -c--a-w- c:\program files\RhapsodyPlayerEngine_gt.msi
2005-06-19 02:12 . 2005-06-19 02:12 1968105 -c--a-w- c:\program files\tabview.zip
2007-09-04 20:53 . 2007-09-04 20:53 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\documents and settings\Doug and Becky\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SprintESol\IPMon32.exe" [2003-06-12 122880]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Doug and Becky\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Doug and Becky\\Application Data\\mjusbsp\\magicJack.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 3:57 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\SYSTEM32\DRIVERS\V0350Afx.sys [9/11/2009 9:28 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\SYSTEM32\DRIVERS\V0350Vfx.sys [9/11/2009 9:28 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\SYSTEM32\DRIVERS\V0350Vid.sys [9/11/2009 9:28 PM 170368]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 9:46 PM 136176]
S2 mrtRate;mrtRate; [x]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 11:11 AM 224896]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:46]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:46]

2004-12-02 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} - hxxp://www.live365.com/players/p365vip.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pbells.broadjump.com/wizlet/att ... Client.cab
FF - ProfilePath - c:\documents and settings\Doug and Becky\Application Data\Mozilla\Firefox\Profiles\u2vuh1g1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Doug and Becky\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-03 23:02:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-04 06:02

Pre-Run: 50,444,316,672 bytes free
Post-Run: 50,447,634,432 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F186DA6C31755E65F68696E420AB3DDB
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm

Re: Internet Redirects

Unread postby Jack&Jill » June 4th, 2010, 10:06 am

Hello GradStudent :),

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on ESET Online Scanner. A new window will open.
    For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats and then check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • Click Finish and close the window.
  • Navigate to C:\Program Files\ESET\ESET Online Scanner using Windows Explorer and look for log.txt.
  • Post the contents of log.txt in your reply.

--------------------

Please post back:
1. ESET online scan result
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Internet Redirects

Unread postby GradStudent » June 4th, 2010, 7:34 pm

ESET online scan result (it said, "no errors found"):

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2b445107db8e7a4783ba0eba95b993c6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-04 11:29:24
# local_time=2010-06-04 04:29:24 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 100 0 50451078 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=82360
# found=0
# cleaned=0
# scan_time=13656
GradStudent
Regular Member
 
Posts: 28
Joined: May 24th, 2010, 11:53 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 387 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware