All browsers redirecting, Firefox, Chrome, I.E.

Post by djmatteo » April 7th, 2011, 2:52 pm

Recently our computer has been infected with something that redirects to various sites such as radonwheweb or lumaoutdoorentertainment and some other sites that I failed to take note of. After running a few various scanners and finding no results I have found my way here. Hopefully you can make heads or tails of this problem.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Sue at 13:38:06.50 on Thu 04/07/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.516 [GMT -5:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ScanSoft\TextBridgePro11.0\opware32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IP Scanner\Receiver\MGS.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\IP Scanner\scantoprint\s2p.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Program Files\hp\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Sue\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\sue\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Omnipage] c:\program files\scansoft\textbridgepro11.0\opware32.exe
mRun: [ScanSoft OmniPage 16-reminder] "c:\program files\scansoft\omnipage16\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 16\ereg\Ereg.ini"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imager~1.lnk - c:\program files\ip scanner\receiver\MGS.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 4591699515
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sue\applic~1\mozilla\firefox\profiles\v60vlcfm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c6560de ... g=en-US&q=
FF - plugin: c:\documents and settings\sue\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-4-28 120832]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-13 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-13 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-13 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-13 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-13 308136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-3 2222376]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-26 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744]
S4 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384]
.
=============== Created Last 30 ================
.
2011-04-07 14:15:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2011-04-07 14:14:23 -------- d-----w- c:\program files\PCPitstop
2011-04-07 13:42:21 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-04-07 13:42:21 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-04-07 13:42:21 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-04-07 13:42:21 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-04-07 13:42:21 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-04-07 13:42:21 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-04-07 13:42:21 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-04-07 13:42:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-06 15:41:36 -------- d-----w- c:\windows\pss
2011-03-30 18:20:26 -------- d-----w- c:\docume~1\sue\applic~1\Malwarebytes
2011-03-30 18:20:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-30 18:20:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-30 18:20:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-30 18:20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 21:17:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-03-28 21:17:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-22 16:32:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Brother
2011-03-22 16:32:44 -------- d-----w- c:\program files\Brownie
2011-03-15 13:42:46 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
.
==================== Find3M ====================
.
2011-03-22 21:40:19 138 ---ha-w- c:\docume~1\sue\applic~1\lakerda1967.sys
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160318AS rev.CC45 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-10
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A131439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a1377d0]; MOV EAX, [0x8a13784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A1AF030]
3 CLASSPNP[0xB80C8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000093[0x8A1529E8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A1B3D98]
\Driver\atapi[0x8A177920] -> IRP_MJ_CREATE -> 0x8A131439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP3T0L0-10 -> \??\IDE#DiskST3160318AS_____________________________CC45____#5&1cc24b4d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A13127F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:39:28.70 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2010 11:06:24 AM
System Uptime: 4/7/2011 12:46:00 PM (1 hours ago)
.
Motherboard: MSI | | K9N6PGM2-V2 (MS-7309)
Processor: AMD Athlon(tm) II X2 240 Processor | CPU1 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 109 GiB total, 72.54 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 35.458 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP312: 1/7/2011 1:22:26 AM - System Checkpoint
RP313: 1/8/2011 2:22:26 AM - System Checkpoint
RP314: 1/9/2011 4:10:26 AM - System Checkpoint
RP315: 1/10/2011 4:46:19 AM - System Checkpoint
RP316: 1/6/2011 10:04:40 AM - System Checkpoint
RP317: 1/10/2011 12:46:55 PM - System Checkpoint
RP318: 1/11/2011 3:00:13 AM - Software Distribution Service 3.0
RP319: 1/12/2011 3:00:13 AM - Software Distribution Service 3.0
RP320: 1/13/2011 3:00:54 AM - System Checkpoint
RP321: 1/14/2011 4:24:53 AM - System Checkpoint
RP322: 1/15/2011 5:36:53 AM - System Checkpoint
RP323: 1/16/2011 6:24:53 AM - System Checkpoint
RP324: 1/17/2011 7:12:53 AM - System Checkpoint
RP325: 1/18/2011 10:04:20 AM - System Checkpoint
RP326: 1/19/2011 11:04:56 AM - System Checkpoint
RP327: 1/20/2011 3:52:29 PM - System Checkpoint
RP328: 1/21/2011 4:02:20 PM - System Checkpoint
RP329: 1/22/2011 4:12:50 PM - System Checkpoint
RP330: 1/23/2011 8:57:12 PM - System Checkpoint
RP331: 1/24/2011 9:00:50 PM - System Checkpoint
RP332: 1/25/2011 10:00:49 PM - System Checkpoint
RP333: 1/26/2011 11:12:47 PM - System Checkpoint
RP334: 1/28/2011 12:00:43 AM - System Checkpoint
RP335: 1/29/2011 12:48:41 AM - System Checkpoint
RP336: 1/30/2011 1:24:40 AM - System Checkpoint
RP337: 1/31/2011 2:00:40 AM - System Checkpoint
RP338: 2/1/2011 3:36:41 AM - System Checkpoint
RP339: 2/2/2011 4:22:05 AM - System Checkpoint
RP340: 2/3/2011 6:12:41 AM - System Checkpoint
RP341: 2/4/2011 7:12:29 AM - System Checkpoint
RP342: 2/5/2011 8:00:29 AM - System Checkpoint
RP343: 2/6/2011 10:00:29 AM - System Checkpoint
RP344: 2/7/2011 10:01:34 AM - System Checkpoint
RP345: 2/8/2011 12:22:23 PM - System Checkpoint
RP346: 2/9/2011 4:20:12 PM - System Checkpoint
RP347: 2/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP348: 2/11/2011 3:16:45 AM - System Checkpoint
RP349: 2/12/2011 3:48:19 AM - System Checkpoint
RP350: 2/13/2011 4:12:19 AM - System Checkpoint
RP351: 2/14/2011 4:48:19 AM - System Checkpoint
RP352: 2/15/2011 5:56:07 AM - System Checkpoint
RP353: 2/16/2011 7:36:19 AM - System Checkpoint
RP354: 2/17/2011 10:03:36 AM - System Checkpoint
RP355: 2/18/2011 12:44:32 PM - System Checkpoint
RP356: 2/19/2011 1:24:19 PM - System Checkpoint
RP357: 2/20/2011 2:12:19 PM - System Checkpoint
RP358: 2/21/2011 4:06:09 PM - System Checkpoint
RP359: 2/22/2011 4:35:23 PM - System Checkpoint
RP360: 2/23/2011 4:47:48 PM - System Checkpoint
RP361: 2/24/2011 5:34:18 PM - System Checkpoint
RP362: 2/25/2011 5:35:23 PM - System Checkpoint
RP363: 2/26/2011 7:45:19 PM - System Checkpoint
RP364: 2/27/2011 8:10:19 PM - System Checkpoint
RP365: 2/28/2011 8:34:20 PM - System Checkpoint
RP366: 3/1/2011 9:34:18 PM - System Checkpoint
RP367: 3/2/2011 3:00:14 AM - Software Distribution Service 3.0
RP368: 3/3/2011 3:06:32 AM - System Checkpoint
RP369: 3/4/2011 3:30:30 AM - System Checkpoint
RP370: 3/5/2011 3:31:05 AM - System Checkpoint
RP371: 3/6/2011 4:18:30 AM - System Checkpoint
RP372: 3/7/2011 5:06:30 AM - System Checkpoint
RP373: 3/8/2011 5:54:32 AM - System Checkpoint
RP374: 3/9/2011 3:00:13 AM - Software Distribution Service 3.0
RP375: 3/10/2011 4:06:31 AM - System Checkpoint
RP376: 3/11/2011 4:42:29 AM - System Checkpoint
RP377: 3/12/2011 6:08:01 AM - System Checkpoint
RP378: 3/13/2011 8:06:29 AM - System Checkpoint
RP379: 3/14/2011 9:58:33 AM - System Checkpoint
RP380: 3/15/2011 8:37:37 AM - Avg Update
RP381: 3/15/2011 8:42:25 AM - Avg Update
RP382: 3/15/2011 8:43:17 AM - Avg Update
RP383: 3/16/2011 8:53:58 AM - System Checkpoint
RP384: 3/17/2011 9:48:14 AM - System Checkpoint
RP385: 3/18/2011 9:53:58 AM - System Checkpoint
RP386: 3/19/2011 10:29:59 AM - System Checkpoint
RP387: 3/20/2011 11:17:58 AM - System Checkpoint
RP388: 3/21/2011 2:28:56 PM - System Checkpoint
RP389: 3/22/2011 5:00:13 PM - System Checkpoint
RP390: 3/23/2011 3:00:13 AM - Software Distribution Service 3.0
RP391: 3/28/2011 4:16:42 PM - Restore Operation
RP392: 3/29/2011 4:41:34 PM - System Checkpoint
RP393: 3/30/2011 5:22:26 PM - System Checkpoint
RP394: 3/31/2011 8:22:26 PM - System Checkpoint
RP395: 4/1/2011 9:22:26 PM - System Checkpoint
RP396: 4/2/2011 10:22:24 PM - System Checkpoint
RP397: 4/3/2011 11:12:29 PM - System Checkpoint
RP398: 4/4/2011 11:21:52 PM - System Checkpoint
RP399: 4/6/2011 12:21:46 AM - System Checkpoint
RP400: 4/7/2011 9:57:46 AM - System Checkpoint
RP401: 4/7/2011 1:34:30 PM - Removed WorldWinner Games
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
6000E609_eDocs
6000E609_Help
6000E609n
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
AVG 9.0
Bing Bar
Bing Bar Platform
BPDSoftware
BPDSoftware_Ini
Brother HL-3070CW
BufferChm
CDDRV_Installer
Critical Update for Windows Media Player 11 (KB959772)
DeviceDiscovery
DirectX 9 Runtime
docXConverter 3.1.1
EasyLog USB
Google Chrome
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Deskjet 6500
HP Imaging Device Functions 14.0
hp LaserJet-all-in-one
HP Officejet 6000 E609 Series
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
IP Scanner
KhalInstallWrapper
LaserAIO
Logitech Registration
Logitech SetPoint
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Network
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OrderReminder hp LaserJet 3015/3020/3030/3380
ProductContext
QFolder
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio Creator XE
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Scan
ScanSoft OmniPage 16
ScanSoft PDF Create! 4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Sonic CinePlayer Decoder Pack
Status
TextBridge Pro 11.0
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
4/7/2011 8:47:10 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/6/2011 10:47:27 AM, error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The system cannot find the path specified.
4/6/2011 10:47:18 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer MATT-HP using any of the configured protocols.
.
==== End Of File ===========================
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by Cypher » April 9th, 2011, 6:44 am

Hi.
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by Cypher » April 9th, 2011, 6:50 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - windows 7



Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: All browsers redirecting, Firefox, Chrome, I.E.

Unread postby djmatteo » April 11th, 2011, 9:52 am

2011/04/11 08:46:14.0968 5368 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 08:46:15.0171 5368 ================================================================================
2011/04/11 08:46:15.0171 5368 SystemInfo:
2011/04/11 08:46:15.0171 5368
2011/04/11 08:46:15.0171 5368 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/11 08:46:15.0171 5368 Product type: Workstation
2011/04/11 08:46:15.0171 5368 ComputerName: GML-1
2011/04/11 08:46:15.0171 5368 UserName: Sue
2011/04/11 08:46:15.0171 5368 Windows directory: C:\WINDOWS
2011/04/11 08:46:15.0171 5368 System windows directory: C:\WINDOWS
2011/04/11 08:46:15.0171 5368 Processor architecture: Intel x86
2011/04/11 08:46:15.0171 5368 Number of processors: 2
2011/04/11 08:46:15.0171 5368 Page size: 0x1000
2011/04/11 08:46:15.0171 5368 Boot type: Normal boot
2011/04/11 08:46:15.0171 5368 ================================================================================
2011/04/11 08:46:15.0531 5368 Initialize success
2011/04/11 08:46:20.0125 4720 ================================================================================
2011/04/11 08:46:20.0125 4720 Scan started
2011/04/11 08:46:20.0125 4720 Mode: Manual;
2011/04/11 08:46:20.0125 4720 ================================================================================
2011/04/11 08:46:22.0031 4720 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/11 08:46:22.0062 4720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/11 08:46:22.0109 4720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/11 08:46:22.0125 4720 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/11 08:46:22.0156 4720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/11 08:46:22.0187 4720 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/11 08:46:22.0234 4720 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/11 08:46:22.0328 4720 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/11 08:46:22.0390 4720 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/11 08:46:22.0421 4720 ahcix86 (18876330870fe64bf38dd5e3bfac110b) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
2011/04/11 08:46:22.0437 4720 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/11 08:46:22.0468 4720 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/11 08:46:22.0500 4720 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/11 08:46:22.0500 4720 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/11 08:46:22.0578 4720 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/04/11 08:46:22.0640 4720 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/11 08:46:22.0656 4720 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/11 08:46:22.0703 4720 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/04/11 08:46:22.0734 4720 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/11 08:46:22.0734 4720 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/11 08:46:22.0750 4720 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/11 08:46:22.0796 4720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/11 08:46:22.0812 4720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/11 08:46:22.0875 4720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/11 08:46:22.0921 4720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/11 08:46:23.0000 4720 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/04/11 08:46:23.0015 4720 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/04/11 08:46:23.0093 4720 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2011/04/11 08:46:23.0171 4720 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/04/11 08:46:23.0218 4720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/11 08:46:23.0250 4720 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/11 08:46:23.0281 4720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/11 08:46:23.0328 4720 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/11 08:46:23.0375 4720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/11 08:46:23.0390 4720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/11 08:46:23.0453 4720 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/11 08:46:23.0546 4720 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/11 08:46:23.0609 4720 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/11 08:46:23.0687 4720 CYGF32X (2ac98caaf07009fbd461208386e6e3c0) C:\WINDOWS\system32\drivers\CygF32x.sys
2011/04/11 08:46:23.0859 4720 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/11 08:46:23.0906 4720 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/11 08:46:23.0937 4720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/11 08:46:24.0000 4720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/11 08:46:24.0062 4720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/11 08:46:24.0093 4720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/11 08:46:24.0171 4720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/11 08:46:24.0250 4720 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/04/11 08:46:24.0312 4720 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/04/11 08:46:24.0343 4720 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/04/11 08:46:24.0406 4720 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/11 08:46:24.0453 4720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/11 08:46:24.0500 4720 e1express (12774e08ae0b9b418e55e7338ad8b0dc) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/04/11 08:46:24.0578 4720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/11 08:46:24.0640 4720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/11 08:46:24.0687 4720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/11 08:46:24.0718 4720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/11 08:46:24.0750 4720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/11 08:46:24.0812 4720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/11 08:46:24.0843 4720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/11 08:46:24.0906 4720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/11 08:46:24.0953 4720 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/11 08:46:25.0000 4720 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/11 08:46:25.0031 4720 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/11 08:46:25.0156 4720 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/11 08:46:25.0218 4720 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/11 08:46:25.0265 4720 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/11 08:46:25.0328 4720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/11 08:46:25.0406 4720 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/11 08:46:25.0437 4720 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/11 08:46:25.0484 4720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/11 08:46:25.0546 4720 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/04/11 08:46:25.0593 4720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/11 08:46:25.0718 4720 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/11 08:46:25.0921 4720 IntcAzAudAddService (3a3a539d7db808fad3b55740474a6d02) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/11 08:46:26.0062 4720 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/11 08:46:26.0093 4720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/11 08:46:26.0125 4720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/11 08:46:26.0125 4720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/11 08:46:26.0234 4720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/11 08:46:26.0265 4720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/11 08:46:26.0328 4720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/11 08:46:26.0390 4720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/11 08:46:26.0421 4720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/11 08:46:26.0453 4720 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/11 08:46:26.0484 4720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/11 08:46:26.0531 4720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/11 08:46:26.0593 4720 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/04/11 08:46:26.0625 4720 L8042mou (bea61fda2103f6f51b14eb0872e8a050) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/04/11 08:46:26.0718 4720 LMouKE (cab504e38fced9a56d87d838e9ba13e9) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/04/11 08:46:26.0796 4720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/11 08:46:26.0828 4720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/11 08:46:26.0890 4720 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/04/11 08:46:26.0953 4720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/11 08:46:27.0031 4720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/11 08:46:27.0093 4720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/11 08:46:27.0140 4720 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/11 08:46:27.0171 4720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/11 08:46:27.0250 4720 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/11 08:46:27.0312 4720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/11 08:46:27.0359 4720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/11 08:46:27.0390 4720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/11 08:46:27.0421 4720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/11 08:46:27.0468 4720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/11 08:46:27.0484 4720 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/11 08:46:27.0515 4720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/11 08:46:27.0531 4720 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/11 08:46:27.0578 4720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/11 08:46:27.0593 4720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/11 08:46:27.0625 4720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/11 08:46:27.0656 4720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/11 08:46:27.0703 4720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/11 08:46:27.0734 4720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/11 08:46:27.0781 4720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/11 08:46:27.0828 4720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/11 08:46:28.0031 4720 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/11 08:46:28.0343 4720 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/04/11 08:46:28.0406 4720 nvgts (1f790624ab1619cae0c78597bd33615b) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/04/11 08:46:28.0437 4720 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/04/11 08:46:28.0453 4720 nvrd32 (3802044ad8385654c620488da8c9f0d9) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
2011/04/11 08:46:28.0484 4720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/11 08:46:28.0500 4720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/11 08:46:28.0531 4720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/11 08:46:28.0531 4720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/11 08:46:28.0562 4720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/11 08:46:28.0578 4720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/11 08:46:28.0593 4720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/11 08:46:28.0640 4720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/11 08:46:28.0703 4720 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/11 08:46:28.0718 4720 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/11 08:46:28.0765 4720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/11 08:46:28.0781 4720 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/11 08:46:28.0796 4720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/11 08:46:28.0812 4720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/11 08:46:28.0843 4720 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/11 08:46:28.0890 4720 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/11 08:46:28.0906 4720 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/11 08:46:28.0921 4720 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/11 08:46:28.0953 4720 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/11 08:46:28.0968 4720 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/11 08:46:28.0984 4720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/11 08:46:29.0000 4720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/11 08:46:29.0031 4720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/11 08:46:29.0062 4720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/11 08:46:29.0078 4720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/11 08:46:29.0093 4720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/11 08:46:29.0140 4720 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/11 08:46:29.0171 4720 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/11 08:46:29.0234 4720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/11 08:46:29.0296 4720 RxFilter (c9fcf83e0638bc2f21f5b6de9b22d07d) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/04/11 08:46:29.0359 4720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/11 08:46:29.0390 4720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/11 08:46:29.0437 4720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/11 08:46:29.0484 4720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/11 08:46:29.0562 4720 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/11 08:46:29.0578 4720 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/11 08:46:29.0609 4720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/11 08:46:29.0656 4720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/11 08:46:29.0687 4720 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/11 08:46:29.0734 4720 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/04/11 08:46:29.0750 4720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/11 08:46:29.0796 4720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/11 08:46:29.0828 4720 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/11 08:46:29.0828 4720 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/11 08:46:29.0843 4720 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/11 08:46:29.0859 4720 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/11 08:46:29.0890 4720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/11 08:46:29.0921 4720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/11 08:46:29.0953 4720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/11 08:46:29.0953 4720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/11 08:46:30.0000 4720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/11 08:46:30.0015 4720 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/11 08:46:30.0062 4720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/11 08:46:30.0078 4720 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/11 08:46:30.0109 4720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/11 08:46:30.0156 4720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/11 08:46:30.0171 4720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/11 08:46:30.0187 4720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/11 08:46:30.0218 4720 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/11 08:46:30.0265 4720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/11 08:46:30.0328 4720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/11 08:46:30.0375 4720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/11 08:46:30.0390 4720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/11 08:46:30.0406 4720 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/11 08:46:30.0421 4720 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/11 08:46:30.0437 4720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/11 08:46:30.0515 4720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/11 08:46:30.0578 4720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/11 08:46:30.0687 4720 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/11 08:46:30.0859 4720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/11 08:46:31.0000 4720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/11 08:46:31.0046 4720 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/11 08:46:31.0062 4720 ================================================================================
2011/04/11 08:46:31.0062 4720 Scan finished
2011/04/11 08:46:31.0062 4720 ================================================================================
2011/04/11 08:46:31.0078 4696 Detected object count: 1
2011/04/11 08:48:31.0500 4696 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm
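The log above is exactly the kind of output a helper has to read quickly: hundreds of driver lines, and the two lines that matter (the detection on \HardDisk0 and the "Skip" action) buried near the end. The parser below is an added example, not part of the thread and not code from TDSSKiller or MalwareRemoval.com; it reads a TDSSKiller log of the format posted here, collects the driver inventory (name, MD5, path), the detections, the per-object action the user chose, and whether the scan completed, and then reports which detections are still unresolved. The sample log embedded in it is a constructed excerpt modelled on the posted one, and the set of "resolving" actions is an assumption (the thread only shows Cure and Skip; Delete is assumed to be the tool's other option).

```python
"""Extract the triage-relevant facts from a TDSSKiller scan log.

Added example for the thread above; not TDSSKiller's own code.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm <id> " followed by the body.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service name> (<md5>) <path>"  - one line per scanned driver
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# "<object> - detected <threat name> (<n>)"
DETECT_RE = re.compile(r"^(.+?) - detected (\S+) \((\d+)\)$")
# "<threat name>(<object>) - User select action: <action>"
ACTION_RE = re.compile(r"^(\S+?)\((.+)\) - User select action: (\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Actions that actually remove or repair the object. The thread shows only
# "Cure" and "Skip"; "Delete" is an assumption about the tool's other option.
RESOLVING_ACTIONS = {"Cure", "Delete"}

# Constructed excerpt in the posted log's format (a few driver lines plus the
# detection, count and action lines); not the full log from the thread.
SAMPLE_LOG = r"""
2011/04/11 08:46:14.0968 5368 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 08:46:15.0171 5368 SystemInfo:
2011/04/11 08:46:15.0171 5368
2011/04/11 08:46:15.0531 5368 Initialize success
2011/04/11 08:46:20.0125 4720 Scan started
2011/04/11 08:46:20.0125 4720 Mode: Manual;
2011/04/11 08:46:22.0062 4720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/11 08:46:29.0921 4720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/11 08:46:31.0046 4720 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/11 08:46:31.0062 4720 Scan finished
2011/04/11 08:46:31.0078 4696 Detected object count: 1
2011/04/11 08:48:31.0500 4696 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip
""".strip()


@dataclass
class DriverEntry:
    md5: str
    path: str


@dataclass
class ScanReport:
    tool_version: Optional[str] = None
    drivers: Dict[str, DriverEntry] = field(default_factory=dict)
    detections: List[Tuple[str, str]] = field(default_factory=list)    # (object, threat)
    actions: List[Tuple[str, str, str]] = field(default_factory=list)  # (threat, object, action)
    detected_count: Optional[int] = None
    scan_finished: bool = False


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Parse log text into a ScanReport; lines that match no known pattern are ignored."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3)
        if body.startswith("TDSS rootkit removing tool "):
            report.tool_version = body.split()[4]
            continue
        if body == "Scan finished":
            report.scan_finished = True
            continue
        d = DETECT_RE.match(body)
        if d:
            report.detections.append((d.group(1), d.group(2)))
            continue
        a = ACTION_RE.match(body)
        if a:
            report.actions.append((a.group(1), a.group(2), a.group(3)))
            continue
        c = COUNT_RE.match(body)
        if c:
            report.detected_count = int(c.group(1))
            continue
        dr = DRIVER_RE.match(body)
        if dr:
            report.drivers[dr.group(1)] = DriverEntry(dr.group(2).lower(), dr.group(3))
    return report


def unresolved_detections(report: ScanReport) -> List[Tuple[str, str]]:
    """Detections that were skipped or never acted on: the machine is still infected."""
    resolved = {obj for _, obj, action in report.actions if action in RESOLVING_ACTIONS}
    return [(obj, threat) for obj, threat in report.detections if obj not in resolved]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"TDSSKiller {rep.tool_version}: {len(rep.drivers)} drivers, "
          f"{rep.detected_count} detection(s), finished={rep.scan_finished}")
    for obj, threat in unresolved_detections(rep):
        print(f"UNRESOLVED: {threat} on {obj}")
```

Run against a real log, the unresolved list is what tells the helper whether a second pass with Cure is needed; the driver inventory can be diffed between the pre- and post-cleanup logs to confirm nothing else changed.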

Re: All browsers redirecting, Firefox, Chrome, I.E.

Unread postby Cypher » April 11th, 2011, 10:34 am

Hi djmatteo.
Unfortunately it appears your computer has an infected Master Boot Record (MBR).
The MBR tells your computer what to do when it starts up. Without that information, the computer won't start.
We can try to replace your MBR with a standard one, but it is not without risk: if something goes wrong when we try to remove the infection, it could leave you with a computer that won't start.
This only happens occasionally, but it does happen. A couple of questions before we begin.
Did you install Windows yourself & if so do you have a Windows XP installation disk? Or did Windows come pre-installed on the machine? If so you would have been prompted to make a set of Recovery Disks. Do you have those?
Due to the nature of the main infection, if Windows was pre-installed you may no longer have access to the Recovery Partition.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: All browsers redirecting, Firefox, Chrome, I.E.

Unread postby djmatteo » April 11th, 2011, 3:45 pm

This computer came with Windows pre-installed. I did make a CD with my drivers and I have XP Pro SP3 disk available if I cannot access the Recovery Partition.

Also, if it is noteworthy, I was not able to access the ntbackup function. I have gone ahead and copied my files to an external drive in the event I need to use them.
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm

Re: All browsers redirecting, Firefox, Chrome, I.E.

Unread postby Cypher » April 12th, 2011, 5:38 am

Hi djmatteo
OK, do the following, then give me an update on how your computer is performing.

Download MBRBackup to your Desktop.

  • Double-click MBRBackup.exe to launch the program.
  • Click SaveMBR (top left corner) and save the backup file to your Desktop.
  • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
  • Exit the program.
  • I strongly suggest you keep a copy of this backup stored on an external device.

Next.

  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
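Cypher's earlier post explains why the MBR matters (it is the first sector the BIOS hands control to, so a bootkit living there runs before Windows and before any antivirus driver), and the post above has the user save a copy of it with MBRBackup before TDSSKiller rewrites it. The code below is an added example, not from the thread and not MBRBackup's or TDSSKiller's own code; it shows what is actually inside that 512-byte backup (446 bytes of boot code, a four-entry partition table, the 55 AA boot signature) and how to compare the pre-cleanup and post-cleanup copies. It assumes the backup file is a raw dump of the first sector, which is an assumption about MBRBackup's format; the function names and the sample sector it builds are constructed for illustration.

```python
"""Inspect a raw 512-byte MBR image and compare two of them.

Added example for the thread above; assumes the backup file is a raw sector dump.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_END = 446       # bytes 0..445: the boot code the BIOS jumps into
TABLE_OFFSET = 446        # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510    # last two bytes must be 55 AA
BOOT_SIGNATURE = 0xAA55   # 55 AA read as a little-endian 16-bit value


@dataclass
class PartitionEntry:
    index: int
    bootable: bool        # status byte 0x80 marks the active partition
    type_id: int          # e.g. 0x07 for NTFS, 0x00 for an unused slot
    lba_start: int
    sector_count: int


def _check_size(mbr: bytes) -> None:
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector image, got {len(mbr)} bytes")


def has_boot_signature(mbr: bytes) -> bool:
    """True if the sector ends in the 55 AA signature a BIOS requires to boot it."""
    _check_size(mbr)
    return struct.unpack_from("<H", mbr, SIGNATURE_OFFSET)[0] == BOOT_SIGNATURE


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries (type 0x00 means unused)."""
    _check_size(mbr)
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, type_id = mbr[off], mbr[off + 4]
        lba_start, sector_count = struct.unpack_from("<II", mbr, off + 8)
        if type_id == 0:
            continue
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba_start, sector_count))
    return entries


def fingerprint(mbr: bytes) -> str:
    """SHA-256 of the whole sector, for recording alongside the backup."""
    return hashlib.sha256(mbr).hexdigest()


def diff_mbr(before: bytes, after: bytes) -> Dict[str, bool]:
    """Report which regions differ between two sector images.

    After a successful cure of a boot-sector rootkit the boot code is expected
    to change while the partition table stays identical; a changed partition
    table or a missing signature is what you do not want to see.
    """
    _check_size(before)
    _check_size(after)
    return {
        "boot_code_changed": before[:BOOT_CODE_END] != after[:BOOT_CODE_END],
        "partition_table_changed": (before[TABLE_OFFSET:SIGNATURE_OFFSET]
                                    != after[TABLE_OFFSET:SIGNATURE_OFFSET]),
        "signature_changed": before[SIGNATURE_OFFSET:] != after[SIGNATURE_OFFSET:],
    }


def load_mbr_image(path: str) -> bytes:
    """Read the first sector from a backup file (assumed to be a raw sector dump)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample: filler boot code, one active NTFS (0x07) partition, valid signature."""
    boot_code = b"\x90" * BOOT_CODE_END          # stands in for real boot code
    table = bytearray(64)
    table[0] = 0x80                              # entry 0: active
    table[4] = 0x07                              # entry 0: NTFS type id
    struct.pack_into("<II", table, 8, 63, 1_000_000)  # LBA start, sector count
    return boot_code + bytes(table) + b"\x55\xAA"


if __name__ == "__main__":
    sample = build_sample_mbr()
    print("signature ok:", has_boot_signature(sample))
    for p in parse_partition_table(sample):
        print(p)
    print("sha256:", fingerprint(sample))
```

In practice you would call `load_mbr_image()` on the MBRBackup file saved before the cure and on a second backup taken afterwards, then feed both to `diff_mbr()`: boot code changed and partition table unchanged is the expected outcome, and the fingerprint of the "before" copy is worth keeping with the backup so a restored sector can be verified byte-for-byte.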

Re: All browsers redirecting, Firefox, Chrome, I.E.

Unread postby djmatteo » April 12th, 2011, 9:26 am

2011/04/12 08:12:01.0546 0948 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 08:12:01.0906 0948 ================================================================================
2011/04/12 08:12:01.0906 0948 SystemInfo:
2011/04/12 08:12:01.0906 0948
2011/04/12 08:12:01.0906 0948 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/12 08:12:01.0906 0948 Product type: Workstation
2011/04/12 08:12:01.0906 0948 ComputerName: GML-1
2011/04/12 08:12:01.0906 0948 UserName: Sue
2011/04/12 08:12:01.0906 0948 Windows directory: C:\WINDOWS
2011/04/12 08:12:01.0906 0948 System windows directory: C:\WINDOWS
2011/04/12 08:12:01.0906 0948 Processor architecture: Intel x86
2011/04/12 08:12:01.0906 0948 Number of processors: 2
2011/04/12 08:12:01.0906 0948 Page size: 0x1000
2011/04/12 08:12:01.0906 0948 Boot type: Normal boot
2011/04/12 08:12:01.0906 0948 ================================================================================
2011/04/12 08:12:02.0671 0948 Initialize success
2011/04/12 08:12:06.0468 1456 ================================================================================
2011/04/12 08:12:06.0468 1456 Scan started
2011/04/12 08:12:06.0468 1456 Mode: Manual;
2011/04/12 08:12:06.0468 1456 ================================================================================
2011/04/12 08:12:08.0281 1456 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/12 08:12:08.0390 1456 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/12 08:12:08.0421 1456 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/12 08:12:08.0453 1456 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/12 08:12:08.0484 1456 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/12 08:12:08.0515 1456 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/12 08:12:08.0593 1456 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/12 08:12:08.0640 1456 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/12 08:12:08.0671 1456 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/12 08:12:08.0718 1456 ahcix86 (18876330870fe64bf38dd5e3bfac110b) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
2011/04/12 08:12:08.0734 1456 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/12 08:12:08.0750 1456 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/12 08:12:08.0796 1456 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/12 08:12:08.0812 1456 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/12 08:12:08.0875 1456 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/04/12 08:12:08.0937 1456 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/12 08:12:08.0953 1456 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/12 08:12:09.0000 1456 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/04/12 08:12:09.0015 1456 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/12 08:12:09.0031 1456 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/12 08:12:09.0046 1456 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/12 08:12:09.0093 1456 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/12 08:12:09.0109 1456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/12 08:12:09.0171 1456 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/12 08:12:09.0218 1456 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/12 08:12:09.0296 1456 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
2011/04/12 08:12:09.0328 1456 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2011/04/12 08:12:09.0375 1456 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2011/04/12 08:12:09.0406 1456 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2011/04/12 08:12:09.0468 1456 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/12 08:12:09.0484 1456 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/12 08:12:09.0500 1456 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/12 08:12:09.0515 1456 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/12 08:12:09.0562 1456 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/12 08:12:09.0578 1456 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/12 08:12:09.0609 1456 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/12 08:12:09.0703 1456 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/12 08:12:09.0734 1456 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/12 08:12:09.0765 1456 CYGF32X (2ac98caaf07009fbd461208386e6e3c0) C:\WINDOWS\system32\drivers\CygF32x.sys
2011/04/12 08:12:09.0906 1456 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/12 08:12:09.0921 1456 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/12 08:12:09.0968 1456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/12 08:12:10.0093 1456 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/12 08:12:10.0156 1456 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/12 08:12:10.0171 1456 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/12 08:12:10.0218 1456 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/12 08:12:10.0281 1456 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/04/12 08:12:10.0296 1456 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/04/12 08:12:10.0312 1456 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/04/12 08:12:10.0359 1456 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/12 08:12:10.0390 1456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/12 08:12:10.0421 1456 e1express (12774e08ae0b9b418e55e7338ad8b0dc) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/04/12 08:12:10.0500 1456 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/12 08:12:10.0546 1456 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/12 08:12:10.0578 1456 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/12 08:12:10.0640 1456 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/12 08:12:10.0656 1456 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/12 08:12:10.0687 1456 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/12 08:12:10.0734 1456 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/12 08:12:10.0750 1456 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/12 08:12:10.0781 1456 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/12 08:12:10.0828 1456 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/12 08:12:10.0859 1456 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/12 08:12:10.0984 1456 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/12 08:12:11.0015 1456 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/12 08:12:11.0062 1456 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/12 08:12:11.0093 1456 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/12 08:12:11.0140 1456 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/12 08:12:11.0171 1456 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/12 08:12:11.0234 1456 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/12 08:12:11.0296 1456 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/04/12 08:12:11.0343 1456 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/12 08:12:11.0453 1456 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/12 08:12:11.0609 1456 IntcAzAudAddService (3a3a539d7db808fad3b55740474a6d02) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/12 08:12:11.0812 1456 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/12 08:12:11.0843 1456 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/12 08:12:11.0875 1456 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/12 08:12:11.0890 1456 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/12 08:12:11.0921 1456 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/12 08:12:11.0953 1456 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/12 08:12:11.0984 1456 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/12 08:12:12.0015 1456 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/12 08:12:12.0046 1456 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/12 08:12:12.0093 1456 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/12 08:12:12.0125 1456 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/12 08:12:12.0171 1456 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/12 08:12:12.0218 1456 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/04/12 08:12:12.0234 1456 L8042mou (bea61fda2103f6f51b14eb0872e8a050) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/04/12 08:12:12.0296 1456 LMouKE (cab504e38fced9a56d87d838e9ba13e9) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/04/12 08:12:12.0343 1456 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/12 08:12:12.0421 1456 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/12 08:12:12.0468 1456 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/04/12 08:12:12.0531 1456 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/12 08:12:12.0609 1456 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/12 08:12:12.0640 1456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/12 08:12:12.0656 1456 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/12 08:12:12.0687 1456 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/12 08:12:12.0734 1456 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/12 08:12:12.0875 1456 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/12 08:12:12.0906 1456 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/12 08:12:12.0968 1456 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/12 08:12:12.0984 1456 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/12 08:12:13.0031 1456 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/12 08:12:13.0062 1456 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/12 08:12:13.0109 1456 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/12 08:12:13.0156 1456 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/12 08:12:13.0203 1456 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/12 08:12:13.0218 1456 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/12 08:12:13.0250 1456 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/12 08:12:13.0281 1456 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/12 08:12:13.0328 1456 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/12 08:12:13.0390 1456 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/12 08:12:13.0468 1456 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/12 08:12:13.0531 1456 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/12 08:12:13.0718 1456 nv (cb0ce8de9f66a297cd86eb98921b8e58) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/12 08:12:14.0031 1456 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/04/12 08:12:14.0062 1456 nvgts (1f790624ab1619cae0c78597bd33615b) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/04/12 08:12:14.0093 1456 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/04/12 08:12:14.0109 1456 nvrd32 (3802044ad8385654c620488da8c9f0d9) C:\WINDOWS\system32\DRIVERS\nvrd32.sys
2011/04/12 08:12:14.0156 1456 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/12 08:12:14.0171 1456 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/12 08:12:14.0203 1456 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/12 08:12:14.0234 1456 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/12 08:12:14.0250 1456 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/12 08:12:14.0250 1456 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/12 08:12:14.0390 1456 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/12 08:12:14.0453 1456 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/12 08:12:14.0531 1456 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/12 08:12:14.0546 1456 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/12 08:12:14.0609 1456 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/12 08:12:14.0640 1456 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/12 08:12:14.0671 1456 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/12 08:12:14.0687 1456 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/12 08:12:14.0734 1456 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/12 08:12:14.0765 1456 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/12 08:12:14.0843 1456 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/12 08:12:14.0875 1456 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/12 08:12:14.0890 1456 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/12 08:12:14.0937 1456 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/12 08:12:14.0968 1456 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/12 08:12:15.0031 1456 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/12 08:12:15.0078 1456 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/12 08:12:15.0109 1456 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/12 08:12:15.0140 1456 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/12 08:12:15.0156 1456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/12 08:12:15.0171 1456 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/12 08:12:15.0218 1456 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/12 08:12:15.0265 1456 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/12 08:12:15.0375 1456 RxFilter (c9fcf83e0638bc2f21f5b6de9b22d07d) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/04/12 08:12:15.0484 1456 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/12 08:12:15.0546 1456 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/12 08:12:15.0593 1456 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/12 08:12:15.0625 1456 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/12 08:12:15.0703 1456 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/12 08:12:15.0765 1456 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/12 08:12:15.0796 1456 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/12 08:12:15.0875 1456 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/12 08:12:15.0921 1456 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/12 08:12:15.0968 1456 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/04/12 08:12:16.0078 1456 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/12 08:12:16.0109 1456 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/12 08:12:16.0156 1456 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/12 08:12:16.0171 1456 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/12 08:12:16.0171 1456 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/12 08:12:16.0187 1456 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/12 08:12:16.0218 1456 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/12 08:12:16.0265 1456 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/12 08:12:16.0312 1456 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/12 08:12:16.0328 1456 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/12 08:12:16.0406 1456 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/12 08:12:16.0546 1456 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/12 08:12:16.0593 1456 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/12 08:12:16.0640 1456 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/12 08:12:16.0671 1456 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/12 08:12:16.0765 1456 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/12 08:12:16.0796 1456 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/12 08:12:16.0828 1456 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/12 08:12:16.0859 1456 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/12 08:12:16.0921 1456 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/12 08:12:16.0984 1456 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/12 08:12:17.0046 1456 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/12 08:12:17.0078 1456 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/12 08:12:17.0125 1456 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/12 08:12:17.0156 1456 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/12 08:12:17.0171 1456 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/12 08:12:17.0265 1456 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/12 08:12:17.0343 1456 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/12 08:12:17.0515 1456 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/04/12 08:12:17.0593 1456 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/12 08:12:17.0609 1456 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/12 08:12:17.0640 1456 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 08:12:17.0687 1456 ================================================================================
2011/04/12 08:12:17.0687 1456 Scan finished
2011/04/12 08:12:17.0687 1456 ================================================================================
2011/04/12 08:12:17.0703 5284 Detected object count: 1
2011/04/12 08:12:51.0437 5284 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 08:12:51.0437 5284 \HardDisk0 - ok
2011/04/12 08:12:51.0437 5284 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/12 08:12:57.0546 5376 Deinitialize success
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm
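
The TDSSKiller log above lists every loaded driver with its MD5 and file path, followed by any detections and the chosen action. As an added example that is not part of the original thread or of Kaspersky's tool, the Python below parses that format and compares the driver hashes against a baseline recorded from a known-clean machine of the same Windows build. The sample log lines and the baseline are constructed for the demonstration: the ACPI, atapi and Disk hashes are copied from the log posted above, and the baseline's atapi value is deliberately wrong so that the comparison has something to flag.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Prefix carried by every TDSSKiller line: timestamp, thread id, body.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Driver inventory line:  <service name> (<md5>) <path>
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# Detection line:  <object> - detected <verdict> (<n>)
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str


def parse_tdsskiller_log(text: str) -> Tuple[List[DriverEntry], List[Detection]]:
    """Split a TDSSKiller log into driver inventory entries and detections.

    Lines matching neither pattern (banner rows, 'Scan finished', the cure
    status line) are ignored.
    """
    drivers: List[DriverEntry] = []
    detections: List[Detection] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(3)
        d = DRIVER_RE.match(body)
        if d:
            drivers.append(DriverEntry(d.group(1), d.group(2).lower(), d.group(3)))
            continue
        t = DETECT_RE.match(body)
        if t:
            detections.append(Detection(t.group(1), t.group(2)))
    return drivers, detections


def compare_to_baseline(drivers: List[DriverEntry], baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (driver name, reason) pairs for drivers whose MD5 is missing from
    or different to a baseline captured on a known-clean machine."""
    findings = []
    for d in drivers:
        expected = baseline.get(d.name)
        if expected is None:
            findings.append((d.name, "not in baseline"))
        elif expected.lower() != d.md5:
            findings.append((d.name, f"hash mismatch: log {d.md5} baseline {expected.lower()}"))
    return findings


# Constructed sample: three inventory lines (hashes copied from the thread's log)
# plus the detection, banner and cure lines. Not a complete scan output.
SAMPLE_LOG = """\
2011/04/12 08:12:08.0390 1456 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2011/04/12 08:12:09.0109 1456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2011/04/12 08:12:09.0968 1456 Disk (044452051f3e02e7963599fc8f4f3e25) C:\\WINDOWS\\system32\\DRIVERS\\disk.sys
2011/04/12 08:12:17.0640 1456 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 08:12:17.0687 1456 ================================================================================
2011/04/12 08:12:17.0687 1456 Scan finished
2011/04/12 08:12:17.0703 5284 Detected object count: 1
2011/04/12 08:12:51.0437 5284 \\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

# Constructed baseline (assumption: hashes recorded from a clean machine of the
# same build). The atapi value is deliberately wrong so a mismatch is reported;
# Disk is left out so an unknown driver is reported too.
CLEAN_BASELINE = {
    "ACPI": "8fd99680a539792a30e97944fdaecf17",
    "atapi": "00000000000000000000000000000000",
}

if __name__ == "__main__":
    drivers, detections = parse_tdsskiller_log(SAMPLE_LOG)
    for det in detections:
        print(f"DETECTED {det.verdict} on {det.obj}")
    for name, reason in compare_to_baseline(drivers, CLEAN_BASELINE):
        print(f"{name}: {reason}")
```

The baseline comparison is the part TDSSKiller's own output does not give you: a driver whose hash differs from the clean build, or one that is not in the inventory at all, is worth pulling for a closer look even when the scanner reports nothing for it.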

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by Cypher » April 12th, 2011, 11:14 am

Hi djmatteo.
Are your searches still redirected? Let me know in your next reply.
We need to do a couple of updates, then I need you to run another scan for me.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Update Adobe Reader

  • You should download and install the newest version of Adobe Reader for reading PDF files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.0.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)

Next.

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply

  • Are your searches still redirected?
  • ESET log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by djmatteo » April 12th, 2011, 1:53 pm

MBR sector of the 0. physical disk Win32/Olmarik.AJL trojan Clean
MBR sector of the 0. physical disk Win32/Olmarik.AJL trojan Clean

The above threats were found on ESET scan - do I clean or no action?

Otherwise - searches seem to be directing properly at this time.
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by Cypher » April 12th, 2011, 2:00 pm

Hi djmatteo.
No, don't clean anything at this point.

Please download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
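
The instructions above have aswMBR save a copy of the master boot record to MBR.dat before anything is fixed. As an added example, not code from the original thread or from aswMBR, the Python below parses such a 512-byte MBR image: it checks the 0x55AA boot signature, decodes the four partition table entries, and hashes the 440-byte boot code region so that a copy taken before a fix can be compared with one taken after it. The MBR bytes are constructed inline for the demonstration: the partition values are made up, the first boot-code fragment is the common opening of a Windows MBR, and the second is an arbitrary stand-in for replaced boot code. It shows the general check, that an MBR bootkit can swap the boot code while leaving the partition table intact so the machine still boots normally.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # boot code occupies offsets 0..439
DISK_SIG_OFF = 440           # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446         # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"       # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    part_type: int
    lba_start: int
    sectors: int


def parse_mbr(data: bytes) -> List[PartitionEntry]:
    """Validate the boot signature and return the non-empty partition entries."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts: List[PartitionEntry] = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", data, off)
        if ptype == 0:
            continue
        parts.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(data: bytes) -> str:
    """SHA-256 of the boot code region only, excluding disk signature and table."""
    return hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest()


def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True if the boot code differs between two MBR images of the same disk."""
    return boot_code_hash(before) != boot_code_hash(after)


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a constructed MBR: boot code, disk signature, one bootable
    NTFS-type partition entry, 0x55AA. Demonstration data, not a real disk."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    sig = struct.pack("<I", disk_sig) + b"\x00\x00"
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 312576642)  # made-up geometry
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    mbr = code + sig + table + BOOT_SIG
    assert len(mbr) == MBR_SIZE
    return mbr


# Constructed images. The first fragment is the usual opening of a Windows MBR
# (xor ax,ax / mov ss,ax / mov sp,0x7c00); the second is an arbitrary
# placeholder representing boot code that has been replaced.
CLEAN_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE")

if __name__ == "__main__":
    for p in parse_mbr(TAMPERED_MBR):
        print(f"type=0x{p.part_type:02x} bootable={p.bootable} lba={p.lba_start} sectors={p.sectors}")
    print("boot code changed:", boot_code_changed(CLEAN_MBR, TAMPERED_MBR))
```

To use it on a real backup, read MBR.dat with `open(path, "rb").read()` in place of the constructed images; the partition listing tells you whether the table still describes your disk, and the hash comparison tells you whether the boot code itself was what the fix rewrote.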

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by djmatteo » April 12th, 2011, 2:14 pm

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-12 13:11:29
-----------------------------
13:11:29.390 OS Version: Windows 5.1.2600 Service Pack 3
13:11:29.390 Number of processors: 2 586 0x602
13:11:29.390 ComputerName: GML-1 UserName: Sue
13:11:33.656 Initialize success
13:11:58.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
13:11:58.281 Disk 0 Vendor: ST3160318AS CC45 Size: 152627MB BusType: 3
13:12:00.296 Disk 0 MBR read successfully
13:12:00.296 Disk 0 MBR scan
13:12:00.296 Disk 0 TDL4@MBR code has been found
13:12:00.296 Disk 0 MBR [TDL4] **ROOTKIT**
13:12:00.296 Disk 0 scanning C:\WINDOWS\system32\drivers
13:12:05.453 Service scanning
13:12:06.390 Disk 0 trace - called modules:
13:12:06.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:12:06.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a19e030]
13:12:06.421 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> \Device\00000093[0x8a1bd338]
13:12:06.421 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a1b1d98]
13:12:06.421 Scan finished successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-12 13:13:06
-----------------------------
13:13:06.093 OS Version: Windows 5.1.2600 Service Pack 3
13:13:06.093 Number of processors: 2 586 0x602
13:13:06.093 ComputerName: GML-1 UserName: Sue
13:13:07.656 Initialize success
13:13:09.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
13:13:09.656 Disk 0 Vendor: ST3160318AS CC45 Size: 152627MB BusType: 3
13:13:11.671 Disk 0 MBR read successfully
13:13:11.671 Disk 0 MBR scan
13:13:11.671 Disk 0 TDL4@MBR code has been found
13:13:11.671 Disk 0 MBR [TDL4] **ROOTKIT**
13:13:11.671 Disk 0 scanning C:\WINDOWS\system32\drivers
13:13:15.390 Service scanning
13:13:16.218 Disk 0 trace - called modules:
13:13:16.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:13:16.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a19e030]
13:13:16.250 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> \Device\00000093[0x8a1bd338]
13:13:16.250 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a1b1d98]
13:13:16.250 Scan finished successfully
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by Cypher » April 12th, 2011, 2:20 pm

Hi djmatteo.

Re-run aswMBR

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while the scan will report "Scan finished successfully"
  • You should see the Fix button become active.
  • Click it to fix the infection & wait until the scanner reports "Infection fixed successfully"
  • Click Save log & save the log to your desktop
  • Click Exit then Reboot your computer.
  • After reboot, copy & Paste the contents of aswMBR.txt into your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by djmatteo » April 12th, 2011, 2:44 pm

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-12 13:32:29
-----------------------------
13:32:29.968 OS Version: Windows 5.1.2600 Service Pack 3
13:32:29.968 Number of processors: 2 586 0x602
13:32:29.968 ComputerName: GML-1 UserName: Sue
13:32:30.218 Initialize success
13:32:33.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
13:32:33.203 Disk 0 Vendor: ST3160318AS CC45 Size: 152627MB BusType: 3
13:32:35.250 Disk 0 MBR read successfully
13:32:35.250 Disk 0 MBR scan
13:32:35.250 Disk 0 TDL4@MBR code has been found
13:32:35.250 Disk 0 MBR [TDL4] **ROOTKIT**
13:32:35.250 Disk 0 scanning C:\WINDOWS\system32\drivers
13:32:39.125 Service scanning
13:32:40.125 Disk 0 trace - called modules:
13:32:40.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:32:40.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a19e030]
13:32:40.156 3 CLASSPNP.SYS[b80c8fd7] -> nt!IofCallDriver -> \Device\00000093[0x8a1bd338]
13:32:40.156 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8a1b1d98]
13:32:40.156 Scan finished successfully
13:33:47.375 Disk 0 fixing MBR
13:33:57.375 Disk 0 MBR restored successfully
13:33:57.375 Disk 0 Windows 501 MBR fixed successfully


Assuming we have fixed the problem, what would you recommend I do to prevent this from happening again?
djmatteo
Active Member
 
Posts: 8
Joined: April 7th, 2011, 2:34 pm

Re: All browsers redirecting, Firefox, Chrome, I.E.

Post by Cypher » April 12th, 2011, 3:00 pm

Hi djmatteo.
Assuming we have fixed the problem, what would you recommend I do to prevent this from happening again?

Good, it looks like we got it that time.
Unfortunately I have no way of knowing how you got infected; read my recommendations below on how to better secure your PC.
Your latest set of logs appears to be clean!
If you are having no further problems you should be good to go.
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Now we need to deal with security vulnerabilities.
Internet Explorer: 7

This is outdated and a security risk; you need to install Internet Explorer 8.


Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can find the tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE on how to prevent malware.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
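The post above recommends the MVPS Hosts file, which works by pointing known ad and tracking domains at 127.0.0.1. The same mechanism is also abused by malware to redirect browsers, which is why a HOSTS file is worth auditing after a redirect infection. The following Python script is an added example, not code from the forum or from the MVPS project: it parses HOSTS text, treats entries that sink a name to a loopback or unspecified address as blocklist-style, and flags entries that send a name to any other address as redirects that deserve a second look. The sample HOSTS content and the domain names in it are constructed for the example; the Windows path is the standard location of the HOSTS file.

```python
import ipaddress
import os
from typing import Dict, List, Tuple

# Standard location of the HOSTS file on Windows.
WINDOWS_HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample HOSTS content (not taken from the thread): the default
# loopback line, two blocklist-style entries like those an MVPS-style file adds,
# one entry that points a real-looking site at a remote address, and one
# malformed line that a parser must tolerate.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0   ads.example-tracker.test   # constructed blocklist entry
127.0.0.1 www.example-ad.test
198.51.100.7  www.example-bank.test   # constructed: redirect-style entry
malformed line without an address
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from HOSTS text.

    Comments, blank lines and lines whose first token is not an IP address
    are skipped; a line may map several hostnames to one address.
    """
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address: malformed line, ignore it
        for host in parts[1:]:
            entries.append((parts[0], host.lower()))
    return entries


def classify_entries(entries: List[Tuple[str, str]]) -> Dict[str, list]:
    """Split HOSTS entries into blocklist-style sinks and redirects.

    A name sent to a loopback (127.x.x.x, ::1) or unspecified (0.0.0.0, ::)
    address cannot reach the real site, which is the MVPS blocking technique.
    A name sent anywhere else is a redirect and should be reviewed, since
    that is how a tampered HOSTS file sends a browser to the wrong server.
    The standard 'localhost' line is not reported in either group.
    """
    blocked: List[str] = []
    redirected: List[Tuple[str, str]] = []
    for ip, host in entries:
        if host == "localhost":
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(host)
        else:
            redirected.append((host, ip))
    return {"blocked": blocked, "redirected": redirected}


def audit_hosts_text(text: str) -> Dict[str, list]:
    """Parse and classify HOSTS text in one step."""
    return classify_entries(parse_hosts(text))


def audit_hosts_file(path: str = WINDOWS_HOSTS_PATH) -> Dict[str, list]:
    """Audit the HOSTS file at 'path'; falls back to the constructed sample if absent."""
    if os.path.exists(path):
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            return audit_hosts_text(fh.read())
    return audit_hosts_text(SAMPLE_HOSTS)


if __name__ == "__main__":
    report = audit_hosts_file()
    print(f"{len(report['blocked'])} blocklist-style entries")
    for host, ip in report["redirected"]:
        print(f"REVIEW: {host} -> {ip}")
```

On a freshly cleaned machine the expected result is either an empty report (stock HOSTS file) or a long list of blocklist-style entries and nothing under REVIEW; any hostname reported as a redirect, especially one belonging to a search engine, bank or update server, is a sign the file was tampered with and should be compared against a known-good copy.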