Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE 8 Redirect


Post by salt_diver » October 26th, 2011, 6:15 pm

Just joined the forum and would appreciate some help. I am using Windows XP Professional and IE 8. IE 8 keeps getting hijacked and redirected, most of the time, to MonsterMarketplace.com. I also get redirected to other sites as well. I also noticed Microsoft Essentials and my Bell Mobile Connect service are no longer in the startup list and must now be manually launched.

I updated Microsoft Essentials, installed SUPERAntiSpyware 5.0.1134 and Malwarebytes' Anti-Malware 1.51.2.1300. SUPERAntiSpyware detected and removed a threat: "System.BrokenFileAssociation HKCR\.exe".

The original threat has remained and I cannot seem to detect or remove it. I have pasted the DDS.txt and Attach.txt logs into this posting.

Would appreciate any help I can get.

Cheers, salt-diver

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HPXPUser at 17:51:47 on 2011-10-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.291 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nuance\PDF Create! 5\pdfcreate5hook.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Bell\Mobile Connect\BellCanadaCM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PDFHook] c:\program files\nuance\pdf create! 5\pdfcreate5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create! 5\RegistryController.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 7737502406
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CA6F0A67-18BB-4E39-BB8A-A1E04D6AACDF} - hxxp://www.superadblocker.com/activex/sabminf.cab
TCP: Interfaces\{27482DA4-A89B-4962-BDB4-457482A779BF} : NameServer = 204.101.237.136 206.47.201.246
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl3c402705;MpKsl3c402705;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7d0e958-2ba5-4ee5-a2a0-c24c7fa58997}\MpKsl3c402705.sys [2011-10-26 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2009-11-20 82944]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-7-15 174720]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 MpKsl808f9258;MpKsl808f9258;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32ba9717-c37a-4969-934c-b87e82482042}\mpksl808f9258.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{32ba9717-c37a-4969-934c-b87e82482042}\MpKsl808f9258.sys [?]
S1 MpKsl9d39ad9d;MpKsl9d39ad9d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{415e4bef-04d1-46bb-b740-3fc9e0749942}\mpksl9d39ad9d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{415e4bef-04d1-46bb-b740-3fc9e0749942}\MpKsl9d39ad9d.sys [?]
S1 MpKslc5b7cbad;MpKslc5b7cbad;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8eafd738-9e91-45de-914d-3424cf3bbd3c}\mpkslc5b7cbad.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8eafd738-9e91-45de-914d-3424cf3bbd3c}\MpKslc5b7cbad.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\hpxpuser\local settings\temporary internet files\content.ie5\hyq2b4dl\saskutil.sys --> c:\documents and settings\hpxpuser\local settings\temporary internet files\content.ie5\hyq2b4dl\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ProfileImpSvc;Native WiFi Profile Importer;c:\program files\bell\mobile connect\ProfileImpSvc.exe [2010-5-23 169240]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-1-14 127656]
S3 SMSIRcAppSvc;SMSI Rc App Svc;c:\program files\bell\mobile connect\RcAppSvc.exe [2010-5-23 120088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-26 20:53:05 -------- d-----w- c:\program files\Trend Micro
2011-10-26 15:12:20 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7d0e958-2ba5-4ee5-a2a0-c24c7fa58997}\MpKsl3c402705.sys
2011-10-26 15:11:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7d0e958-2ba5-4ee5-a2a0-c24c7fa58997}\offreg.dll
2011-10-25 17:36:39 -------- d-----w- c:\documents and settings\hpxpuser\local settings\application data\SUPERSystemInspector
2011-10-23 23:46:26 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7d0e958-2ba5-4ee5-a2a0-c24c7fa58997}\mpengine.dll
2011-10-23 00:39:22 -------- d-----w- c:\documents and settings\hpxpuser\application data\Malwarebytes
2011-10-23 00:37:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-23 00:37:29 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-23 00:37:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 02:27:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-20 11:59:19 -------- d--h--w- c:\windows\PIF
2011-10-20 00:28:21 -------- d-----w- c:\documents and settings\hpxpuser\application data\SUPERAntiSpyware.com
2011-10-20 00:28:21 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-10-18 02:33:46 -------- d-----w- c:\program files\common files\iS3
2011-10-18 02:33:42 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-02 15:32:15 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 17:53:43.20 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2008 9:19:58 PM
System Uptime: 10/26/2011 11:09:44 AM (6 hours ago)
.
Motherboard: Hewlett-Packard | | 0864h
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | XU1 PROCESSOR | 2660/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 9.237 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Serial Port
Device ID: PCI\VEN_1415&DEV_9521&SUBSYS_000113E0&REV_00\4&3A321F38&0&20F0
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_1415&DEV_9521&SUBSYS_000113E0&REV_00\4&3A321F38&0&20F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Parallel Port
Device ID: PCI\VEN_1415&DEV_9523&SUBSYS_000113E0&REV_00\4&3A321F38&0&21F0
Manufacturer:
Name: PCI Parallel Port
PNP Device ID: PCI\VEN_1415&DEV_9523&SUBSYS_000113E0&REV_00\4&3A321F38&0&21F0
Service:
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&369939D9&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&369939D9&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP103: 8/25/2011 5:46:24 AM - Software Distribution Service 3.0
RP104: 8/28/2011 10:23:55 PM - Software Distribution Service 3.0
RP105: 9/3/2011 11:30:14 AM - Software Distribution Service 3.0
RP106: 9/4/2011 2:40:46 PM - Software Distribution Service 3.0
RP107: 9/8/2011 11:01:34 PM - Software Distribution Service 3.0
RP108: 9/9/2011 7:34:55 AM - Software Distribution Service 3.0
RP109: 9/11/2011 6:11:07 PM - Software Distribution Service 3.0
RP110: 9/14/2011 7:51:41 AM - Software Distribution Service 3.0
RP111: 9/15/2011 10:47:44 PM - Software Distribution Service 3.0
RP112: 9/16/2011 12:18:21 PM - Software Distribution Service 3.0
RP113: 9/17/2011 6:16:27 PM - Software Distribution Service 3.0
RP114: 9/22/2011 9:07:44 PM - Software Distribution Service 3.0
RP115: 9/23/2011 5:52:05 PM - Software Distribution Service 3.0
RP116: 9/27/2011 9:34:07 AM - Software Distribution Service 3.0
RP117: 9/28/2011 8:21:22 PM - Software Distribution Service 3.0
RP118: 10/2/2011 7:32:56 PM - Software Distribution Service 3.0
RP119: 10/5/2011 12:53:31 PM - Software Distribution Service 3.0
RP120: 10/7/2011 9:40:43 AM - Software Distribution Service 3.0
RP121: 10/9/2011 9:49:40 AM - Software Distribution Service 3.0
RP122: 10/9/2011 10:12:35 AM - Installed ContentManager
RP123: 10/10/2011 7:40:13 PM - Software Distribution Service 3.0
RP124: 10/14/2011 6:16:56 PM - Software Distribution Service 3.0
RP125: 10/14/2011 8:03:22 PM - Software Distribution Service 3.0
RP126: 10/17/2011 8:44:32 AM - Software Distribution Service 3.0
RP127: 10/17/2011 10:33:02 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP128: 10/18/2011 9:29:10 PM - Software Distribution Service 3.0
RP129: 10/19/2011 6:47:22 AM - Software Distribution Service 3.0
RP130: 10/19/2011 6:54:22 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP131: 10/20/2011 7:47:33 AM - Software Distribution Service 3.0
RP132: 10/21/2011 3:12:31 PM - Software Distribution Service 3.0
RP133: 10/23/2011 7:46:18 PM - Software Distribution Service 3.0
RP134: 10/26/2011 11:06:58 AM - Removed Java(TM) 6 Update 18
RP135: 10/26/2011 1:19:49 PM - Software Distribution Service 3.0
RP136: 10/26/2011 2:02:24 PM - Installed Microsoft Fix it 50195
RP137: 10/26/2011 4:22:44 PM - Software Distribution Service 3.0
RP138: 10/26/2011 4:58:43 PM - Removed ContentManager
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Broadcom NetXtreme Ethernet Controller
BufferChm
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_PrintOnCDConfig
cp_UpdateProjectsConfig
CueTour
Deco Planner 3
Decochek2
Destinations
DeviceManagementQFolder
DiveMaster 2.0
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
eSupportQFolder
FileOpen Client Installer
FRAMEplus
FullDPAppQFolder
HijackThis 2.0.2
Homestead SiteBuilder
HOT2000 v10.50 EGH
HOT2000 v10.51 EGH
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Scanjet G3010 7.0
HP Solution Center 7.0
HP Update
hpg3010
hpg3010QFolder
HPProductAssistant
IcoFX 1.6.4
InstallVC90Support
InstantShareDevices
Intel(R) Extreme Graphics 2 Driver
Java Auto Updater
Legacy 7.5
Logitech Desktop Messenger
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mobile Broadband Generic Drivers
Mobile Connect
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Natural Color Pro
Nero OEM
Nuance PDF Create! 5
OCR Software by I.R.I.S 7.0
OptionalContentQFolder
PanoStandAlone
PhotoGallery
PolyView 4.402
PowerDVD
Punch! ViaCAD 2D/3D V6
QuickBooks Pro 2009
RandMap
Samsung CLP-310 Series
Samsung Universal Print Driver
Scan
ScannerCopy
Scansoft PDF Create
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
SupportSoft Assisted Service
SureThing CD Labeler Deluxe 3.1
TECLOG
TECLOG2
TECTITE 3.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
ZPDCU
.
==== Event Viewer Messages From Past Week ========
.
10/26/2011 8:13:02 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.391.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/26/2011 8:02:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TCP/IP NetBIOS Helper service to connect.
10/26/2011 8:02:02 AM, error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/26/2011 11:22:53 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.391.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/25/2011 9:08:50 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.391.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/25/2011 1:36:39 PM, error: Service Control Manager [7000] - The SABKUTIL service failed to start due to the following error: The system cannot find the file specified.
10/23/2011 7:17:00 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.281.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/23/2011 6:44:13 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.281.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/22/2011 6:36:14 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.281.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
10/21/2011 9:30:47 AM, error: Service Control Manager [7000] - The SABProcEnum service failed to start due to the following error: The system cannot find the file specified.
10/20/2011 8:37:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs
10/20/2011 8:37:06 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
10/20/2011 8:37:06 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 6:52:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
.
==== End Of File ===========================
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm

Re: IE 8 Redirect

Post by diver79 » October 27th, 2011, 8:14 pm

Hi and welcome to MalwareRemoval.com, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article. ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How do I backup my files and folders in XP?
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Post by diver79 » October 30th, 2011, 10:17 am

Hi salt_diver,

Please accept my apologies for the late reply.

Before we proceed can you please let me know if this computer is used for business purposes so I can provide the appropriate support.

Thanks,

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Post by salt_diver » October 30th, 2011, 11:04 pm

Hi Diver79,
Thanks for taking the time to help me with this problem.
This computer is for personal use.

Thanks, John
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm

Re: IE 8 Redirect

Post by diver79 » October 31st, 2011, 1:09 pm

Hi John,

Let's see if TDSSKiller finds anything. Just run the scan for now, I want to see what it finds before attempting to remove anything.

TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Post by salt_diver » October 31st, 2011, 1:34 pm

Hello Diver79,
It looks like TDSSKiller.exe found one infection. I made no changes.
Here is the log:

13:26:26.0429 4056 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
13:26:26.0476 4056 ============================================================
13:26:26.0476 4056 Current date / time: 2011/10/31 13:26:26.0476
13:26:26.0476 4056 SystemInfo:
13:26:26.0476 4056
13:26:26.0476 4056 OS Version: 5.1.2600 ServicePack: 3.0
13:26:26.0476 4056 Product type: Workstation
13:26:26.0476 4056 ComputerName: HPXPUSER-7128A8
13:26:26.0476 4056 UserName: HPXPUser
13:26:26.0476 4056 Windows directory: C:\WINDOWS
13:26:26.0476 4056 System windows directory: C:\WINDOWS
13:26:26.0492 4056 Processor architecture: Intel x86
13:26:26.0492 4056 Number of processors: 1
13:26:26.0492 4056 Page size: 0x1000
13:26:26.0492 4056 Boot type: Normal boot
13:26:26.0492 4056 ============================================================
13:26:30.0210 4056 Initialize success
13:26:39.0304 0892 ============================================================
13:26:39.0304 0892 Scan started
13:26:39.0304 0892 Mode: Manual;
13:26:39.0304 0892 ============================================================
13:26:41.0554 0892 Abiosdsk - ok
13:26:41.0632 0892 abp480n5 - ok
13:26:41.0742 0892 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:26:41.0742 0892 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
13:26:41.0757 0892 ACPI ( Virus.Win32.Rloader.a ) - infected
13:26:41.0757 0892 ACPI - detected Virus.Win32.Rloader.a (0)
13:26:41.0882 0892 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:26:41.0882 0892 ACPIEC - ok
13:26:41.0976 0892 adpu160m - ok
13:26:42.0085 0892 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
13:26:42.0085 0892 aeaudio - ok
13:26:42.0257 0892 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:26:42.0273 0892 aec - ok
13:26:42.0413 0892 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:26:42.0429 0892 AFD - ok
13:26:42.0632 0892 Aha154x - ok
13:26:42.0710 0892 aic78u2 - ok
13:26:42.0788 0892 aic78xx - ok
13:26:42.0913 0892 AliIde - ok
13:26:43.0007 0892 amsint - ok
13:26:43.0226 0892 asc - ok
13:26:43.0413 0892 asc3350p - ok
13:26:43.0460 0892 asc3550 - ok
13:26:43.0601 0892 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:26:43.0601 0892 AsyncMac - ok
13:26:43.0710 0892 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:26:43.0710 0892 atapi - ok
13:26:43.0835 0892 Atdisk - ok
13:26:43.0976 0892 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:26:43.0976 0892 Atmarpc - ok
13:26:44.0101 0892 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:26:44.0101 0892 audstub - ok
13:26:44.0195 0892 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:26:44.0210 0892 b57w2k - ok
13:26:44.0367 0892 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:26:44.0367 0892 Beep - ok
13:26:44.0507 0892 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:26:44.0523 0892 cbidf2k - ok
13:26:44.0632 0892 cd20xrnt - ok
13:26:44.0710 0892 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:26:44.0726 0892 Cdaudio - ok
13:26:44.0835 0892 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:26:44.0835 0892 Cdfs - ok
13:26:44.0960 0892 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:26:44.0960 0892 Cdrom - ok
13:26:45.0038 0892 Changer - ok
13:26:45.0179 0892 CmdIde - ok
13:26:45.0288 0892 Cpqarray - ok
13:26:45.0382 0892 dac2w2k - ok
13:26:45.0413 0892 dac960nt - ok
13:26:45.0538 0892 DgiVecp - ok
13:26:45.0648 0892 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:26:45.0648 0892 Disk - ok
13:26:45.0804 0892 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:26:45.0851 0892 dmboot - ok
13:26:45.0976 0892 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:26:45.0976 0892 dmio - ok
13:26:46.0101 0892 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:26:46.0101 0892 dmload - ok
13:26:46.0210 0892 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:26:46.0226 0892 DMusic - ok
13:26:46.0335 0892 dpti2o - ok
13:26:46.0413 0892 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:26:46.0413 0892 drmkaud - ok
13:26:46.0617 0892 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:26:46.0632 0892 Fastfat - ok
13:26:46.0726 0892 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:26:46.0726 0892 Fdc - ok
13:26:46.0835 0892 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:26:46.0835 0892 Fips - ok
13:26:46.0929 0892 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:26:46.0929 0892 Flpydisk - ok
13:26:47.0070 0892 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:26:47.0085 0892 FltMgr - ok
13:26:47.0179 0892 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:26:47.0195 0892 Fs_Rec - ok
13:26:47.0304 0892 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:26:47.0304 0892 Ftdisk - ok
13:26:47.0413 0892 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:26:47.0429 0892 Gpc - ok
13:26:47.0554 0892 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:26:47.0570 0892 hidusb - ok
13:26:47.0663 0892 hpn - ok
13:26:47.0788 0892 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:26:47.0804 0892 HTTP - ok
13:26:47.0913 0892 i2omgmt - ok
13:26:47.0976 0892 i2omp - ok
13:26:48.0101 0892 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:26:48.0101 0892 i8042prt - ok
13:26:48.0304 0892 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
13:26:48.0429 0892 ialm - ok
13:26:48.0554 0892 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:26:48.0570 0892 Imapi - ok
13:26:48.0663 0892 ini910u - ok
13:26:48.0757 0892 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:26:48.0773 0892 IntelIde - ok
13:26:48.0882 0892 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:26:48.0898 0892 intelppm - ok
13:26:49.0007 0892 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:26:49.0023 0892 Ip6Fw - ok
13:26:49.0132 0892 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:26:49.0148 0892 IpFilterDriver - ok
13:26:49.0273 0892 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:26:49.0273 0892 IpInIp - ok
13:26:49.0476 0892 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:26:49.0476 0892 IpNat - ok
13:26:49.0585 0892 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:26:49.0585 0892 IPSec - ok
13:26:49.0710 0892 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:26:49.0710 0892 IRENUM - ok
13:26:49.0804 0892 is3srv - ok
13:26:49.0945 0892 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:26:49.0945 0892 isapnp - ok
13:26:50.0054 0892 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:26:50.0054 0892 Kbdclass - ok
13:26:50.0210 0892 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:26:50.0210 0892 kbdhid - ok
13:26:50.0351 0892 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:26:50.0351 0892 kmixer - ok
13:26:50.0460 0892 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:26:50.0476 0892 KSecDD - ok
13:26:50.0585 0892 lbrtfdc - ok
13:26:50.0695 0892 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
13:26:50.0695 0892 LCcfltr - ok
13:26:50.0851 0892 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
13:26:50.0851 0892 MagicTune - ok
13:26:50.0960 0892 massfilter - ok
13:26:51.0070 0892 MBAMSwissArmy - ok
13:26:51.0163 0892 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:26:51.0163 0892 mnmdd - ok
13:26:51.0288 0892 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:26:51.0288 0892 Modem - ok
13:26:51.0413 0892 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:26:51.0429 0892 Mouclass - ok
13:26:51.0554 0892 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:26:51.0554 0892 mouhid - ok
13:26:51.0648 0892 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:26:51.0648 0892 MountMgr - ok
13:26:51.0788 0892 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:26:51.0804 0892 MpFilter - ok
13:26:51.0945 0892 MpKsl33b6ccd1 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3F7132D-B518-489D-9011-BB4526010A75}\MpKsl33b6ccd1.sys
13:26:51.0945 0892 MpKsl33b6ccd1 - ok
13:26:52.0023 0892 MpKsl808f9258 - ok
13:26:52.0054 0892 MpKsl9d39ad9d - ok
13:26:52.0085 0892 MpKslc5b7cbad - ok
13:26:52.0195 0892 mraid35x - ok
13:26:52.0288 0892 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:26:52.0304 0892 MRxDAV - ok
13:26:52.0445 0892 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:26:52.0476 0892 MRxSmb - ok
13:26:52.0617 0892 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:26:52.0617 0892 Msfs - ok
13:26:52.0742 0892 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:26:52.0742 0892 MSKSSRV - ok
13:26:52.0898 0892 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:26:52.0913 0892 MSPCLOCK - ok
13:26:53.0023 0892 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:26:53.0038 0892 MSPQM - ok
13:26:53.0304 0892 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:26:53.0320 0892 mssmbios - ok
13:26:53.0445 0892 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:26:53.0460 0892 Mup - ok
13:26:53.0632 0892 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTictwl.sys
13:26:53.0632 0892 NCPro - ok
13:26:53.0742 0892 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:26:53.0757 0892 NDIS - ok
13:26:53.0851 0892 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:26:53.0851 0892 NdisTapi - ok
13:26:53.0976 0892 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:26:53.0992 0892 Ndisuio - ok
13:26:54.0242 0892 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:26:54.0257 0892 NdisWan - ok
13:26:54.0367 0892 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:26:54.0367 0892 NDProxy - ok
13:26:54.0460 0892 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:26:54.0460 0892 NetBIOS - ok
13:26:54.0601 0892 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:26:54.0617 0892 NetBT - ok
13:26:54.0788 0892 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:26:54.0788 0892 Npfs - ok
13:26:54.0945 0892 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:26:54.0992 0892 Ntfs - ok
13:26:55.0195 0892 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:26:55.0195 0892 Null - ok
13:26:55.0351 0892 NWADI (8261ca50939f83b87c0e474c51c8ef67) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
13:26:55.0367 0892 NWADI - ok
13:26:55.0460 0892 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:26:55.0460 0892 NwlnkFlt - ok
13:26:55.0585 0892 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:26:55.0585 0892 NwlnkFwd - ok
13:26:55.0742 0892 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
13:26:55.0742 0892 NWUSBModem - ok
13:26:55.0867 0892 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
13:26:55.0882 0892 NWUSBPort - ok
13:26:55.0976 0892 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
13:26:55.0992 0892 NWUSBPort2 - ok
13:26:56.0148 0892 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:26:56.0148 0892 Parport - ok
13:26:56.0288 0892 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:26:56.0288 0892 PartMgr - ok
13:26:56.0398 0892 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:26:56.0413 0892 ParVdm - ok
13:26:56.0507 0892 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
13:26:56.0507 0892 PCASp50 - ok
13:26:56.0648 0892 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:26:56.0679 0892 PCI - ok
13:26:56.0757 0892 PCIDump - ok
13:26:56.0867 0892 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:26:56.0882 0892 PCIIde - ok
13:26:57.0007 0892 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:26:57.0023 0892 Pcmcia - ok
13:26:57.0148 0892 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
13:26:57.0163 0892 PCTINDIS5 - ok
13:26:57.0242 0892 PDCOMP - ok
13:26:57.0304 0892 PDFRAME - ok
13:26:57.0382 0892 PDRELI - ok
13:26:57.0476 0892 PDRFRAME - ok
13:26:57.0554 0892 perc2 - ok
13:26:57.0632 0892 perc2hib - ok
13:26:57.0835 0892 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:26:57.0851 0892 PptpMiniport - ok
13:26:57.0976 0892 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:26:57.0976 0892 PSched - ok
13:26:58.0085 0892 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:26:58.0085 0892 Ptilink - ok
13:26:58.0210 0892 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:26:58.0210 0892 PxHelp20 - ok
13:26:58.0335 0892 ql1080 - ok
13:26:58.0413 0892 Ql10wnt - ok
13:26:58.0492 0892 ql12160 - ok
13:26:58.0570 0892 ql1240 - ok
13:26:58.0632 0892 ql1280 - ok
13:26:58.0742 0892 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:26:58.0742 0892 RasAcd - ok
13:26:58.0882 0892 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:26:58.0898 0892 Rasl2tp - ok
13:26:59.0023 0892 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:26:59.0023 0892 RasPppoe - ok
13:26:59.0148 0892 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:26:59.0148 0892 Raspti - ok
13:26:59.0304 0892 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:26:59.0320 0892 Rdbss - ok
13:26:59.0445 0892 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:26:59.0445 0892 RDPCDD - ok
13:26:59.0601 0892 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:26:59.0601 0892 rdpdr - ok
13:26:59.0742 0892 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:26:59.0742 0892 RDPWD - ok
13:26:59.0867 0892 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:26:59.0882 0892 redbook - ok
13:27:00.0101 0892 SABKUTIL - ok
13:27:00.0163 0892 SABProcEnum - ok
13:27:00.0257 0892 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:27:00.0257 0892 SASDIFSV - ok
13:27:00.0304 0892 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:27:00.0304 0892 SASKUTIL - ok
13:27:00.0476 0892 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:27:00.0476 0892 Secdrv - ok
13:27:00.0617 0892 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
13:27:00.0617 0892 Ser2pl - ok
13:27:00.0726 0892 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:27:00.0726 0892 Serenum - ok
13:27:00.0835 0892 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:27:00.0835 0892 Serial - ok
13:27:01.0054 0892 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:27:01.0054 0892 Sfloppy - ok
13:27:01.0163 0892 Simbad - ok
13:27:01.0335 0892 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
13:27:01.0460 0892 smwdm - ok
13:27:01.0538 0892 Sparrow - ok
13:27:01.0617 0892 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:27:01.0617 0892 splitter - ok
13:27:01.0757 0892 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:27:01.0773 0892 sr - ok
13:27:01.0913 0892 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:27:01.0960 0892 Srv - ok
13:27:02.0038 0892 SSPORT - ok
13:27:02.0195 0892 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:27:02.0195 0892 swenum - ok
13:27:02.0335 0892 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:27:02.0335 0892 swmidi - ok
13:27:02.0429 0892 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\WINDOWS\System32\drivers\swmsflt.sys
13:27:02.0445 0892 swmsflt - ok
13:27:02.0585 0892 symc810 - ok
13:27:02.0663 0892 symc8xx - ok
13:27:02.0726 0892 sym_hi - ok
13:27:02.0820 0892 sym_u3 - ok
13:27:02.0913 0892 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:27:02.0913 0892 sysaudio - ok
13:27:03.0023 0892 szkg5 - ok
13:27:03.0085 0892 szkgfs - ok
13:27:03.0257 0892 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:27:03.0273 0892 Tcpip - ok
13:27:03.0367 0892 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:27:03.0367 0892 TDPIPE - ok
13:27:03.0492 0892 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:27:03.0507 0892 TDTCP - ok
13:27:03.0617 0892 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:27:03.0632 0892 TermDD - ok
13:27:03.0757 0892 TosIde - ok
13:27:03.0851 0892 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:27:03.0867 0892 Udfs - ok
13:27:03.0960 0892 ultra - ok
13:27:04.0101 0892 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:27:04.0132 0892 Update - ok
13:27:04.0273 0892 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:27:04.0288 0892 usbccgp - ok
13:27:04.0398 0892 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:27:04.0398 0892 usbehci - ok
13:27:04.0507 0892 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:27:04.0523 0892 usbhub - ok
13:27:04.0617 0892 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:27:04.0617 0892 usbprint - ok
13:27:04.0726 0892 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:27:04.0742 0892 usbscan - ok
13:27:04.0867 0892 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:27:04.0867 0892 USBSTOR - ok
13:27:04.0992 0892 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:27:04.0992 0892 usbuhci - ok
13:27:05.0070 0892 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:27:05.0070 0892 VgaSave - ok
13:27:05.0132 0892 ViaIde - ok
13:27:05.0226 0892 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:27:05.0226 0892 VolSnap - ok
13:27:05.0367 0892 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:27:05.0367 0892 Wanarp - ok
13:27:05.0460 0892 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
13:27:05.0476 0892 wceusbsh - ok
13:27:05.0570 0892 WDICA - ok
13:27:05.0663 0892 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:27:05.0663 0892 wdmaud - ok
13:27:06.0070 0892 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:27:06.0070 0892 WudfPf - ok
13:27:06.0210 0892 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:27:06.0210 0892 WudfRd - ok
13:27:06.0351 0892 ZTEusbmdm6k - ok
13:27:06.0413 0892 ZTEusbnmea - ok
13:27:06.0492 0892 ZTEusbser6k - ok
13:27:06.0554 0892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:27:06.0710 0892 \Device\Harddisk0\DR0 - ok
13:27:06.0742 0892 Boot (0x1200) (4dff4c4a8deaecee334c6426db1cf694) \Device\Harddisk0\DR0\Partition0
13:27:06.0742 0892 \Device\Harddisk0\DR0\Partition0 - ok
13:27:06.0742 0892 ============================================================
13:27:06.0742 0892 Scan finished
13:27:06.0757 0892 ============================================================
13:27:06.0820 0960 Detected object count: 1
13:27:06.0820 0960 Actual detected object count: 1
13:27:53.0492 0960 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
13:27:53.0492 0960 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip

Cheers, salt_Diver
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm
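The whole finding in the log above sits in a handful of lines among hundreds of "- ok" entries. As an added example, not code from this thread or from TDSSKiller, here is a Python triage helper for that log format: it pulls out forged files (where the MD5 the operating system hands back for the file differs from the MD5 of the bytes actually on disk, the tell of a driver intercepting reads), the infected objects, the action the user selected for each, and the MBR/boot-sector results. The regexes are built only from the line shapes visible in this thread, and the sample log is a constructed, abridged excerpt of the one posted above.

```python
# Added example for this thread, not part of TDSSKiller or the forum's tools.
# Parses the "HH:MM:SS.mmmm <id> <message>" lines TDSSKiller writes and pulls
# out what a helper reads first: forged files (the MD5 the OS hands back differs
# from the MD5 of the bytes really on disk, which is how a driver that intercepts
# reads hides an infected file), infected objects, the user's action on each,
# and whether the MBR and boot-sector checks came back clean.
from __future__ import annotations
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<threat>.+?) \) - infected$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( .+? \) - User select action: (?P<action>\w+)$")
BOOT_RE = re.compile(r"^(?P<what>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\\S+)$")
DEVICE_RE = re.compile(r"^(?P<dev>\\Device\\\S+) - (?P<status>\w+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Triage:
    scanned: dict[str, tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path or device)
    clean: set[str] = field(default_factory=set)                       # objects reported "- ok"
    forged: list[dict[str, str]] = field(default_factory=list)         # path / real_md5 / fake_md5
    infected: dict[str, str] = field(default_factory=dict)             # name -> threat label
    actions: dict[str, str] = field(default_factory=dict)              # name -> user-selected action
    boot: dict[str, str] = field(default_factory=dict)                 # device -> MBR/boot-sector status
    detected_count: int | None = None


def parse_log(text: str) -> Triage:
    """Single pass over the log; check order matters because device lines also end in '- ok'."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(3):
            continue  # banner, separator and empty-message lines carry nothing to triage
        msg = m.group(3)
        if f := FORGED_RE.match(msg):
            t.forged.append({"path": f["path"], "real_md5": f["real"], "fake_md5": f["fake"]})
        elif f := INFECTED_RE.match(msg):
            t.infected[f["name"]] = f["threat"]
        elif f := ACTION_RE.match(msg):
            t.actions[f["name"]] = f["action"]
        elif f := BOOT_RE.match(msg):
            t.scanned[f["what"]] = (f["md5"], f["dev"])
        elif f := DEVICE_RE.match(msg):
            t.boot[f["dev"]] = f["status"]
        elif f := COUNT_RE.match(msg):
            t.detected_count = int(f["n"])
        elif f := DRIVER_RE.match(msg):
            t.scanned[f["name"]] = (f["md5"], f["path"])
        elif f := OK_RE.match(msg):
            t.clean.add(f["name"])
    return t


def forged_drivers(t: Triage) -> list[tuple[str, str, str]]:
    """(driver, real_md5, fake_md5) for each scanned driver whose file TDSSKiller flagged as forged."""
    by_path = {f["path"].lower(): f for f in t.forged}
    hits = []
    for name, (_, path) in t.scanned.items():
        if f := by_path.get(path.lower()):
            hits.append((name, f["real_md5"], f["fake_md5"]))
    return hits


def verdict(t: Triage) -> str:
    """'clean' if nothing infected, 'cured' if every infected object got Cure, otherwise 'pending'."""
    if not t.infected:
        return "clean"
    if all(t.actions.get(name) == "Cure" for name in t.infected):
        return "cured"
    return "pending"


# Constructed sample: an abridged excerpt of the first TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
13:26:26.0429 4056 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
13:26:41.0742 0892 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:26:41.0742 0892 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
13:26:41.0757 0892 ACPI ( Virus.Win32.Rloader.a ) - infected
13:26:41.0757 0892 ACPI - detected Virus.Win32.Rloader.a (0)
13:26:41.0882 0892 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:26:41.0882 0892 ACPIEC - ok
13:27:06.0554 0892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:27:06.0710 0892 \Device\Harddisk0\DR0 - ok
13:27:06.0742 0892 Boot (0x1200) (4dff4c4a8deaecee334c6426db1cf694) \Device\Harddisk0\DR0\Partition0
13:27:06.0742 0892 \Device\Harddisk0\DR0\Partition0 - ok
13:27:06.0820 0960 Detected object count: 1
13:27:53.0492 0960 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
13:27:53.0492 0960 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
"""

if __name__ == "__main__":
    t = parse_log(SAMPLE_LOG)
    print(forged_drivers(t), t.infected, t.actions, t.boot, verdict(t))
```

On the log posted above the verdict is "pending" (the user chose Skip, as instructed); a second run where the object was cured flips it to "cured" while the MBR and boot-sector lines stay "ok".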

Re: IE 8 Redirect

Post by diver79 » November 1st, 2011, 10:45 am

Hi John,

Create a New System Restore Point.
  • Click Start,
  • Select All Programs, Accessories, System Tools... press System Restore.
  • At the Welcome screen...select Create a restore point...then press Next.
  • In the description box, type a name to describe this restore point.
    • System Restore automatically adds (to your description) the current date and time.
  • Click Create...to finish creating this restore point.
  • Click Close to exit System Restore.

If you have successfully created a System Restore Point...we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! do not go any further!
Please post back so we can determine why it was unsuccessful.



TDSSKiller
  • Important!: Run this fix once and once only.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.

Let me know how the computer is behaving after you have run the fix.

Thanks,

diver79
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Post by salt_diver » November 1st, 2011, 9:59 pm

Hi Diver79,
Created system restore point with no difficulties.
Ran TDSSKiller.exe and 'cured' threat as per your instructions.
Re-booted computer and tried IE 8.

No more re-directs or hijacks :) !!!!!!!!
I realize there may be more work to do, but things are looking really great, so far.
Here is the Log:

21:38:23.0359 1356 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
21:38:23.0437 1356 ============================================================
21:38:23.0437 1356 Current date / time: 2011/11/01 21:38:23.0437
21:38:23.0437 1356 SystemInfo:
21:38:23.0437 1356
21:38:23.0437 1356 OS Version: 5.1.2600 ServicePack: 3.0
21:38:23.0437 1356 Product type: Workstation
21:38:23.0437 1356 ComputerName: HPXPUSER-7128A8
21:38:23.0437 1356 UserName: HPXPUser
21:38:23.0437 1356 Windows directory: C:\WINDOWS
21:38:23.0437 1356 System windows directory: C:\WINDOWS
21:38:23.0437 1356 Processor architecture: Intel x86
21:38:23.0437 1356 Number of processors: 1
21:38:23.0437 1356 Page size: 0x1000
21:38:23.0437 1356 Boot type: Normal boot
21:38:23.0437 1356 ============================================================
21:38:26.0437 1356 Initialize success
21:38:38.0890 3288 ============================================================
21:38:38.0890 3288 Scan started
21:38:38.0890 3288 Mode: Manual;
21:38:38.0890 3288 ============================================================
21:38:39.0281 3288 Abiosdsk - ok
21:38:39.0375 3288 abp480n5 - ok
21:38:39.0500 3288 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:38:39.0500 3288 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
21:38:39.0515 3288 ACPI ( Virus.Win32.Rloader.a ) - infected
21:38:39.0515 3288 ACPI - detected Virus.Win32.Rloader.a (0)
21:38:39.0656 3288 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:38:39.0656 3288 ACPIEC - ok
21:38:39.0828 3288 adpu160m - ok
21:38:39.0984 3288 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
21:38:40.0000 3288 aeaudio - ok
21:38:40.0125 3288 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:38:40.0140 3288 aec - ok
21:38:40.0312 3288 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:38:40.0312 3288 AFD - ok
21:38:40.0437 3288 Aha154x - ok
21:38:40.0531 3288 aic78u2 - ok
21:38:40.0640 3288 aic78xx - ok
21:38:40.0750 3288 AliIde - ok
21:38:40.0828 3288 amsint - ok
21:38:40.0968 3288 asc - ok
21:38:41.0062 3288 asc3350p - ok
21:38:41.0156 3288 asc3550 - ok
21:38:41.0390 3288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:38:41.0390 3288 AsyncMac - ok
21:38:41.0500 3288 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:38:41.0515 3288 atapi - ok
21:38:41.0640 3288 Atdisk - ok
21:38:41.0812 3288 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:38:41.0812 3288 Atmarpc - ok
21:38:41.0968 3288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:38:41.0968 3288 audstub - ok
21:38:42.0125 3288 b57w2k (a9d0f6efc61d1ff69b55c495f85dd868) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:38:42.0140 3288 b57w2k - ok
21:38:42.0328 3288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:38:42.0328 3288 Beep - ok
21:38:42.0546 3288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:38:42.0546 3288 cbidf2k - ok
21:38:42.0656 3288 cd20xrnt - ok
21:38:42.0750 3288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:38:42.0750 3288 Cdaudio - ok
21:38:42.0921 3288 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:38:42.0921 3288 Cdfs - ok
21:38:43.0093 3288 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:38:43.0093 3288 Cdrom - ok
21:38:43.0203 3288 Changer - ok
21:38:43.0390 3288 CmdIde - ok
21:38:43.0531 3288 Cpqarray - ok
21:38:43.0656 3288 dac2w2k - ok
21:38:43.0796 3288 dac960nt - ok
21:38:43.0890 3288 DgiVecp - ok
21:38:44.0046 3288 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:38:44.0046 3288 Disk - ok
21:38:44.0234 3288 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:38:44.0296 3288 dmboot - ok
21:38:44.0484 3288 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:38:44.0484 3288 dmio - ok
21:38:44.0625 3288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:38:44.0625 3288 dmload - ok
21:38:44.0750 3288 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:38:44.0781 3288 DMusic - ok
21:38:44.0890 3288 dpti2o - ok
21:38:45.0031 3288 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:38:45.0031 3288 drmkaud - ok
21:38:45.0265 3288 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:38:45.0281 3288 Fastfat - ok
21:38:45.0437 3288 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:38:45.0437 3288 Fdc - ok
21:38:45.0562 3288 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:38:45.0562 3288 Fips - ok
21:38:45.0718 3288 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:38:45.0718 3288 Flpydisk - ok
21:38:45.0859 3288 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:38:45.0859 3288 FltMgr - ok
21:38:46.0031 3288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:38:46.0046 3288 Fs_Rec - ok
21:38:46.0203 3288 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:38:46.0203 3288 Ftdisk - ok
21:38:46.0343 3288 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:38:46.0359 3288 Gpc - ok
21:38:46.0546 3288 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:38:46.0562 3288 hidusb - ok
21:38:46.0687 3288 hpn - ok
21:38:46.0875 3288 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:38:46.0906 3288 HTTP - ok
21:38:47.0062 3288 i2omgmt - ok
21:38:47.0187 3288 i2omp - ok
21:38:47.0328 3288 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:38:47.0343 3288 i8042prt - ok
21:38:47.0609 3288 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:38:47.0734 3288 ialm - ok
21:38:47.0906 3288 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:38:47.0906 3288 Imapi - ok
21:38:48.0093 3288 ini910u - ok
21:38:48.0265 3288 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:38:48.0265 3288 IntelIde - ok
21:38:48.0390 3288 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:38:48.0406 3288 intelppm - ok
21:38:48.0515 3288 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:38:48.0515 3288 Ip6Fw - ok
21:38:48.0671 3288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:38:48.0671 3288 IpFilterDriver - ok
21:38:48.0875 3288 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:38:48.0875 3288 IpInIp - ok
21:38:49.0000 3288 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:38:49.0015 3288 IpNat - ok
21:38:49.0125 3288 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:38:49.0125 3288 IPSec - ok
21:38:49.0250 3288 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:38:49.0265 3288 IRENUM - ok
21:38:49.0421 3288 is3srv - ok
21:38:49.0578 3288 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:38:49.0593 3288 isapnp - ok
21:38:49.0765 3288 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:38:49.0765 3288 Kbdclass - ok
21:38:49.0906 3288 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:38:49.0906 3288 kbdhid - ok
21:38:50.0031 3288 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:38:50.0031 3288 kmixer - ok
21:38:50.0187 3288 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:38:50.0187 3288 KSecDD - ok
21:38:50.0390 3288 lbrtfdc - ok
21:38:50.0531 3288 LCcfltr (fb5e7a5c86c0b58aa155487b141b8457) C:\WINDOWS\system32\Drivers\LCcFltr.Sys
21:38:50.0531 3288 LCcfltr - ok
21:38:50.0734 3288 MagicTune (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTiCtwl.sys
21:38:50.0734 3288 MagicTune - ok
21:38:50.0843 3288 massfilter - ok
21:38:50.0937 3288 MBAMSwissArmy - ok
21:38:51.0078 3288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:38:51.0078 3288 mnmdd - ok
21:38:51.0281 3288 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:38:51.0281 3288 Modem - ok
21:38:51.0421 3288 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:38:51.0421 3288 Mouclass - ok
21:38:51.0562 3288 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:38:51.0562 3288 mouhid - ok
21:38:51.0687 3288 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:38:51.0687 3288 MountMgr - ok
21:38:51.0828 3288 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
21:38:51.0828 3288 MpFilter - ok
21:38:51.0906 3288 MpKsl808f9258 - ok
21:38:52.0000 3288 MpKsl94771b22 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F3F7132D-B518-489D-9011-BB4526010A75}\MpKsl94771b22.sys
21:38:52.0000 3288 MpKsl94771b22 - ok
21:38:52.0062 3288 MpKsl9d39ad9d - ok
21:38:52.0109 3288 MpKslc5b7cbad - ok
21:38:52.0218 3288 mraid35x - ok
21:38:52.0328 3288 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:38:52.0328 3288 MRxDAV - ok
21:38:52.0484 3288 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:38:52.0515 3288 MRxSmb - ok
21:38:52.0718 3288 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:38:52.0734 3288 Msfs - ok
21:38:52.0875 3288 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:38:52.0875 3288 MSKSSRV - ok
21:38:53.0062 3288 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:38:53.0062 3288 MSPCLOCK - ok
21:38:53.0234 3288 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:38:53.0234 3288 MSPQM - ok
21:38:53.0390 3288 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:38:53.0390 3288 mssmbios - ok
21:38:53.0562 3288 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:38:53.0562 3288 Mup - ok
21:38:53.0718 3288 NCPro (7acae9601b3eb413f8bf5c90a77a6848) C:\WINDOWS\system32\drivers\MTictwl.sys
21:38:53.0718 3288 NCPro - ok
21:38:53.0859 3288 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:38:53.0875 3288 NDIS - ok
21:38:53.0984 3288 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:38:54.0000 3288 NdisTapi - ok
21:38:54.0125 3288 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:38:54.0125 3288 Ndisuio - ok
21:38:54.0312 3288 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:38:54.0312 3288 NdisWan - ok
21:38:54.0437 3288 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:38:54.0437 3288 NDProxy - ok
21:38:54.0578 3288 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:38:54.0578 3288 NetBIOS - ok
21:38:54.0656 3288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:38:54.0671 3288 NetBT - ok
21:38:54.0890 3288 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:38:54.0906 3288 Npfs - ok
21:38:55.0062 3288 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:38:55.0109 3288 Ntfs - ok
21:38:55.0312 3288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:38:55.0312 3288 Null - ok
21:38:55.0468 3288 NWADI (8261ca50939f83b87c0e474c51c8ef67) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
21:38:55.0484 3288 NWADI - ok
21:38:55.0609 3288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:38:55.0609 3288 NwlnkFlt - ok
21:38:55.0781 3288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:38:55.0781 3288 NwlnkFwd - ok
21:38:55.0953 3288 NWUSBModem (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys
21:38:55.0953 3288 NWUSBModem - ok
21:38:56.0125 3288 NWUSBPort (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser.sys
21:38:56.0140 3288 NWUSBPort - ok
21:38:56.0296 3288 NWUSBPort2 (b7112f30d7eff4b5052eba879f46228f) C:\WINDOWS\system32\DRIVERS\nwusbser2.sys
21:38:56.0312 3288 NWUSBPort2 - ok
21:38:56.0500 3288 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:38:56.0500 3288 Parport - ok
21:38:56.0656 3288 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:38:56.0656 3288 PartMgr - ok
21:38:56.0781 3288 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:38:56.0781 3288 ParVdm - ok
21:38:56.0953 3288 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
21:38:56.0953 3288 PCASp50 - ok
21:38:57.0125 3288 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:38:57.0125 3288 PCI - ok
21:38:57.0250 3288 PCIDump - ok
21:38:57.0406 3288 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:38:57.0406 3288 PCIIde - ok
21:38:57.0515 3288 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:38:57.0515 3288 Pcmcia - ok
21:38:57.0656 3288 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS
21:38:57.0687 3288 PCTINDIS5 - ok
21:38:57.0812 3288 PDCOMP - ok
21:38:57.0890 3288 PDFRAME - ok
21:38:58.0062 3288 PDRELI - ok
21:38:58.0109 3288 PDRFRAME - ok
21:38:58.0218 3288 perc2 - ok
21:38:58.0312 3288 perc2hib - ok
21:38:58.0531 3288 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:38:58.0546 3288 PptpMiniport - ok
21:38:58.0671 3288 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:38:58.0687 3288 PSched - ok
21:38:58.0796 3288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:38:58.0796 3288 Ptilink - ok
21:38:58.0906 3288 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:38:58.0921 3288 PxHelp20 - ok
21:38:59.0031 3288 ql1080 - ok
21:38:59.0156 3288 Ql10wnt - ok
21:38:59.0328 3288 ql12160 - ok
21:38:59.0421 3288 ql1240 - ok
21:38:59.0500 3288 ql1280 - ok
21:38:59.0640 3288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:38:59.0640 3288 RasAcd - ok
21:38:59.0828 3288 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:38:59.0828 3288 Rasl2tp - ok
21:38:59.0984 3288 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:39:00.0000 3288 RasPppoe - ok
21:39:00.0171 3288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:39:00.0171 3288 Raspti - ok
21:39:00.0265 3288 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:39:00.0265 3288 Rdbss - ok
21:39:00.0390 3288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:39:00.0406 3288 RDPCDD - ok
21:39:00.0609 3288 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:39:00.0625 3288 rdpdr - ok
21:39:00.0765 3288 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:39:00.0781 3288 RDPWD - ok
21:39:00.0968 3288 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:39:00.0968 3288 redbook - ok
21:39:01.0125 3288 SABKUTIL - ok
21:39:01.0187 3288 SABProcEnum - ok
21:39:01.0296 3288 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:39:01.0296 3288 SASDIFSV - ok
21:39:01.0343 3288 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:39:01.0359 3288 SASKUTIL - ok
21:39:01.0562 3288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:39:01.0578 3288 Secdrv - ok
21:39:01.0765 3288 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
21:39:01.0765 3288 Ser2pl - ok
21:39:01.0906 3288 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:39:01.0906 3288 Serenum - ok
21:39:02.0078 3288 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:39:02.0078 3288 Serial - ok
21:39:02.0312 3288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:39:02.0312 3288 Sfloppy - ok
21:39:02.0437 3288 Simbad - ok
21:39:02.0656 3288 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
21:39:02.0734 3288 smwdm - ok
21:39:02.0906 3288 Sparrow - ok
21:39:03.0062 3288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:39:03.0062 3288 splitter - ok
21:39:03.0218 3288 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:39:03.0218 3288 sr - ok
21:39:03.0390 3288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:39:03.0421 3288 Srv - ok
21:39:03.0562 3288 SSPORT - ok
21:39:03.0734 3288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:39:03.0734 3288 swenum - ok
21:39:03.0875 3288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:39:03.0890 3288 swmidi - ok
21:39:04.0046 3288 swmsflt (e6c797b33a454840245c0c96e7f08b0a) C:\WINDOWS\System32\drivers\swmsflt.sys
21:39:04.0046 3288 swmsflt - ok
21:39:04.0250 3288 symc810 - ok
21:39:04.0343 3288 symc8xx - ok
21:39:04.0468 3288 sym_hi - ok
21:39:04.0593 3288 sym_u3 - ok
21:39:04.0734 3288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:39:04.0734 3288 sysaudio - ok
21:39:04.0843 3288 szkg5 - ok
21:39:04.0968 3288 szkgfs - ok
21:39:05.0171 3288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:39:05.0203 3288 Tcpip - ok
21:39:05.0343 3288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:39:05.0343 3288 TDPIPE - ok
21:39:05.0484 3288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:39:05.0500 3288 TDTCP - ok
21:39:05.0656 3288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:39:05.0671 3288 TermDD - ok
21:39:05.0828 3288 TosIde - ok
21:39:05.0968 3288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:39:05.0968 3288 Udfs - ok
21:39:06.0140 3288 ultra - ok
21:39:06.0343 3288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:39:06.0406 3288 Update - ok
21:39:06.0593 3288 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:39:06.0593 3288 usbccgp - ok
21:39:06.0718 3288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:39:06.0718 3288 usbehci - ok
21:39:06.0859 3288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:39:06.0875 3288 usbhub - ok
21:39:07.0031 3288 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:39:07.0031 3288 usbprint - ok
21:39:07.0156 3288 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:39:07.0171 3288 usbscan - ok
21:39:07.0328 3288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:39:07.0328 3288 USBSTOR - ok
21:39:07.0484 3288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:39:07.0500 3288 usbuhci - ok
21:39:07.0625 3288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:39:07.0625 3288 VgaSave - ok
21:39:07.0718 3288 ViaIde - ok
21:39:07.0875 3288 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:39:07.0875 3288 VolSnap - ok
21:39:08.0062 3288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:39:08.0078 3288 Wanarp - ok
21:39:08.0234 3288 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:39:08.0234 3288 wceusbsh - ok
21:39:08.0343 3288 WDICA - ok
21:39:08.0484 3288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:39:08.0500 3288 wdmaud - ok
21:39:08.0906 3288 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:39:08.0906 3288 WudfPf - ok
21:39:09.0062 3288 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:39:09.0062 3288 WudfRd - ok
21:39:09.0250 3288 ZTEusbmdm6k - ok
21:39:09.0359 3288 ZTEusbnmea - ok
21:39:09.0453 3288 ZTEusbser6k - ok
21:39:09.0500 3288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:39:09.0671 3288 \Device\Harddisk0\DR0 - ok
21:39:09.0703 3288 Boot (0x1200) (4dff4c4a8deaecee334c6426db1cf694) \Device\Harddisk0\DR0\Partition0
21:39:09.0703 3288 \Device\Harddisk0\DR0\Partition0 - ok
21:39:09.0703 3288 ============================================================
21:39:09.0703 3288 Scan finished
21:39:09.0718 3288 ============================================================
21:39:09.0765 2164 Detected object count: 1
21:39:09.0765 2164 Actual detected object count: 1
21:39:36.0421 2164 Backup copy found, using it..
21:39:36.0687 2164 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:39:36.0687 2164 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:39:55.0421 3616 Deinitialize success
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm
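The TDSSKiller log above carries the whole story of this infection in three lines: the ACPI driver entry, the "Suspicious file (Forged)" line with two different md5 values for the same path, and the "infected" verdict. The two hashes disagree because the bytes read from disk at a low level differ from the bytes a normal file read returns, which is what a rootkit hiding a patched driver looks like. The following Python script is an added example, not part of this thread and not TDSSKiller's own code: it parses lines in that log format, pairs each verdict with its path and forged-hash evidence, records the action taken, and applies diver79's rule from the instructions above (Cure for malicious objects, Skip for merely suspicious ones). The sample lines are constructed; the ACPI entries copy the posted log, while the massfilter "- warning" line and that line format are assumptions made to show a suspicious-only object.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in the TDSSKiller 2.6 log format. The ACPI lines copy the
# entries from the log posted above; the massfilter "- warning" line is made up
# to show a merely suspicious object, and that line format is an assumption.
SAMPLE_LOG = r"""
21:38:39.0500 3288 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:38:39.0500 3288 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
21:38:39.0515 3288 ACPI ( Virus.Win32.Rloader.a ) - infected
21:38:39.0515 3288 ACPI - detected Virus.Win32.Rloader.a (0)
21:38:39.0656 3288 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:38:39.0656 3288 ACPIEC - ok
21:38:50.0843 3288 massfilter ( UnsignedFile.Multi.Generic ) - warning
21:39:09.0500 3288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:39:09.0671 3288 \Device\Harddisk0\DR0 - ok
21:39:36.0687 2164 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:39:36.0687 2164 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# Every line is "<hh:mm:ss.ffff> <thread id> <message>"; the message is what we classify.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the object listing that ties a driver name to a file.
OBJECT_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forgery evidence: the same file hashed two ways gives two different answers.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
# "<name> ( <verdict> ) - infected|warning|User select action: <Action>"
VERDICT_RE = re.compile(
    r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - "
    r"(?P<kind>infected|warning|User select action: (?P<action>\w+))$"
)
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured on reboot$")


@dataclass
class Finding:
    name: str
    verdict: str
    severity: str                      # "malicious" (infected) or "suspicious" (warning / forged only)
    path: Optional[str] = None
    real_md5: Optional[str] = None     # hash of the bytes read from disk at a low level
    fake_md5: Optional[str] = None     # hash seen through the normal file-system read path
    user_action: Optional[str] = None  # what was chosen in the TDSSKiller dialog
    cure_scheduled: bool = False       # a "will be cured on reboot" line named this path

    def recommended_action(self) -> str:
        # diver79's rule above: Cure malicious objects, Skip merely suspicious ones.
        return "Cure" if self.severity == "malicious" else "Skip"


def parse_tdsskiller_log(text: str) -> List[Finding]:
    findings: Dict[str, Finding] = {}
    paths: Dict[str, str] = {}               # driver/service name -> file path
    forged: Dict[str, Tuple[str, str]] = {}  # path -> (real md5, fake md5)
    cured: Set[str] = set()                  # paths scheduled for cure on reboot
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                         # banners, "Scan started", blank lines
        msg = m.group("msg")
        o = OBJECT_RE.match(msg)
        if o:
            paths[o.group("name")] = o.group("path")
            continue
        f = FORGED_RE.match(msg)
        if f:
            forged[f.group("path")] = (f.group("real"), f.group("fake"))
            continue
        c = CURE_RE.match(msg)
        if c:
            cured.add(c.group("path"))
            continue
        v = VERDICT_RE.match(msg)
        if v:
            name = v.group("name")
            # An action line with no earlier verdict is treated as malicious; the
            # first verdict seen for a name wins, so a prior "warning" is kept.
            severity = "suspicious" if v.group("kind") == "warning" else "malicious"
            fd = findings.setdefault(name, Finding(name, v.group("verdict"), severity))
            if v.group("action"):
                fd.user_action = v.group("action")
    # Attach file path, forgery evidence and cure status to each named finding.
    for fd in findings.values():
        fd.path = paths.get(fd.name)
        if fd.path in forged:
            fd.real_md5, fd.fake_md5 = forged[fd.path]
        fd.cure_scheduled = fd.path in cured
    # A forged file that never received a named verdict is still worth a look.
    known_paths = {fd.path for fd in findings.values()}
    for path, (real, fake) in forged.items():
        if path not in known_paths:
            findings[path] = Finding(path, "Forged", "suspicious", path, real, fake)
    return list(findings.values())


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"malicious": 0, "suspicious": 0, "forged": 0, "cure_scheduled": 0}
    for fd in findings:
        counts[fd.severity] += 1
        if fd.real_md5:
            counts["forged"] += 1
        if fd.cure_scheduled:
            counts["cure_scheduled"] += 1
    return counts


if __name__ == "__main__":
    for fd in parse_tdsskiller_log(SAMPLE_LOG):
        print(f"{fd.name}: {fd.verdict} [{fd.severity}] -> {fd.recommended_action()} "
              f"(chosen: {fd.user_action}, cure on reboot: {fd.cure_scheduled})")
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

On the posted log this yields one malicious finding for ACPI with both hashes attached, the user's Cure choice and the reboot cure confirmed; a helper reviewing many such logs can then check at a glance that nothing was left on Skip that should have been cured, and vice versa.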

Re: IE 8 Redirect

Unread postby diver79 » November 3rd, 2011, 10:13 am

Hi salt_diver,

salt_diver wrote: No more re-directs or hijacks :) !!!!!!!!

Excellent, let's see if an ESET online scan finds anything else. First run TFC to clean out your temp files, which should help with the scan time.


Temp File Cleaner
  • Please download TFC and save it to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.
  • NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your Anti-Virus.

Disable Microsoft Security Essentials
  • Open MSE and go to Settings > Real Time Protection.
  • Now uncheck "Turn on real time protection".

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Unread postby salt_diver » November 3rd, 2011, 2:40 pm

Hi Diver79,
Thanks once again for all of your help.
Cleaned out temp files with TFC.
Ran ESET Online Scanner .... no threats found :)

Here is the log file:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3a0a69a67f28a41a67defe512422a04
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-03 06:18:02
# local_time=2011-11-03 02:18:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 586948 586948 0 0
# compatibility_mode=5891 16776869 42 88 0 16267003 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95744
# found=0
# cleaned=0
# scan_time=8554

Cheers, John
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm
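The ESET log above ends with a block of "# key=value" lines that record exactly how the scan was configured and what it found, which is what a helper actually checks before saying "no threats found" is meaningful: that the scan finished, that it was run report-only with archives, PUA/unsafe and anti-stealth scanning enabled as instructed, and that the found/cleaned counters are zero. The Python below is an added example, not part of this thread and not ESET's code: it parses that header and returns a list of problems (empty when everything matches). The sample log is constructed from the values in the posted log with the compatibility_mode lines left out.

```python
import re
from typing import Dict, List

# Constructed sample in the format of the ESET Online Scanner log posted above;
# the values are copied from that post, with the compatibility_mode lines left out.
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# osver=5.1.2600 NT Service Pack 3
# scanned=95744
# found=0
# cleaned=0
# scan_time=8554
"""

# The settings requested in the instructions above: report only (no automatic
# removal), archives and potentially unwanted/unsafe applications scanned,
# anti-stealth enabled.
EXPECTED_SETTINGS = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

HEADER_RE = re.compile(r"^#\s*(?P<key>[A-Za-z_][A-Za-z0-9_.]*)=(?P<value>.*)$")


def parse_eset_header(text: str) -> Dict[str, str]:
    """Collect the '# key=value' lines into a dict; a repeated key keeps its last value."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            fields[m.group("key")] = m.group("value").strip()
    return fields


def check_eset_log(text: str) -> List[str]:
    """Return the problems found; an empty list means a finished, correctly
    configured scan that detected nothing."""
    f = parse_eset_header(text)
    problems: List[str] = []
    if f.get("end") != "finished":
        problems.append(f"scan did not finish (end={f.get('end')!r})")
    for key, want in EXPECTED_SETTINGS.items():
        got = f.get(key)
        if got != want:
            problems.append(f"{key}={got!r}, expected {want!r}")
    try:
        scanned = int(f.get("scanned", "0"))
        found = int(f.get("found", "0"))
        cleaned = int(f.get("cleaned", "0"))
    except ValueError:
        problems.append("scanned/found/cleaned counters are not integers")
        return problems
    if scanned == 0:
        problems.append("no objects were scanned")
    if found:
        # With remove_checked=false nothing is cleaned automatically, so a non-zero
        # count means the detection lines in the log body need to be reviewed.
        problems.append(f"{found} object(s) detected, {cleaned} cleaned; review the detection lines before acting")
    return problems


if __name__ == "__main__":
    print(check_eset_log(SAMPLE_ESET_LOG) or "scan finished with the requested settings, nothing found")
```

The check treats a scan that ran with "Remove found threats" enabled as a problem in its own right, because an automatic removal hides what was found from the person guiding the cleanup; that is why the instructions above ask for that box to be left unchecked.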

Re: IE 8 Redirect

Unread postby diver79 » November 5th, 2011, 7:19 am

Hi salt_diver,

salt_diver wrote: Ran ESET Online Scanner .... no threats found :)
Excellent, good work! Almost there now.

Update vulnerable Programs
It is highly recommended that you ensure there are no vulnerable/insecure programs installed on your Computer. This can be achieved by running regular updates of Java, Adobe Reader, Flash as well as others and most importantly Windows Update. Once I am happy the computer is clean I will provide more information on keeping your machine up to date.

Adobe Reader 9.3.4
  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.1).


Security Check
  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe, then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Unread postby salt_diver » November 5th, 2011, 6:08 pm

Hi Diver79,

Updated Adobe Reader to 10.1.1 & then re-booted computer.
Downloaded & Ran SecurityCheck.exe ... all went well.

Here is the log file:
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Cheers, John
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm

Re: IE 8 Redirect

Unread postby diver79 » November 6th, 2011, 8:02 am

Hi John,

RE: Antivirus up to date! (On Access scanning disabled!). Did you remember to re-enable Real Time Protection in Microsoft Security Essentials after running the ESET scan?

Please check this as files you access on the computer are currently not being scanned.

Apart from this... Congratulations, your PC is now free from infection 8) Follow the steps below to remove infected restore points and tighten your system's security.


Clean up with OTC
Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


Flush infected System Restore points
  • Click on the Start button, Right Click on My Computer, and select Properties.
  • In the left pane, click System Protection.
  • Click the Configure button.
  • Press the Delete button to delete all restore points. Click Continue if prompted.
  • Click OK to return to the System Protection Window.
  • Press the Create button to create a new clean restore point. You can name the restore point All Clean in the next prompt
  • Press the Close button and then OK to exit the System Protection Window.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.


Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP
Using Windows Update for Windows XP
Microsoft Update Home

Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online


Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: IE 8 Redirect

Unread postby salt_diver » November 6th, 2011, 11:29 pm

Hi Diver79,
Ran OTC.exe with no problems :) .

Had problems with next set of instructions:
Flush infected System Restore points :(

  • Click on the Start button, Right Click on My Computer, and select Properties.
  • In the left pane, click System Protection.
  • Click the Configure button.
  • Press the Delete button to delete all restore points. Click Continue if prompted.
  • Click OK to return to the System Protection Window.
  • Press the Create button to create a new clean restore point. You can name the restore point All Clean in the next prompt
  • Press the Close button and then OK to exit the System Protection Window.

There was no left pane (System Protection), nor Delete button.

Please check your instruction script. After system properties, all I could see was a System Restore tab.

Tried three methods to get into System Restore with same results.

Will wait for your comments.

Cheers, John
salt_diver
Active Member
 
Posts: 8
Joined: October 26th, 2011, 5:33 pm

Re: IE 8 Redirect

Unread postby diver79 » November 7th, 2011, 6:16 am

Hi salt_diver,

My apologies, those instructions were for Windows Vista/7. Please see updated instructions below.

Create a new, clean System Restore point
  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm