Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google search redirected

by otc » January 24th, 2012, 7:10 pm

When I use Google search, the search items come up. I click on my choice, then I'm redirected. As the search is loading, I noticed datingpuma.com on the bottom.
I use Firefox. I have Trend Micro. I also used Spybot; this has not corrected the problem.

DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Bill at 14:54:36 on 2012-01-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1109 [GMT -8:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Bill\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bill\My Documents\Downloads\dds(1).scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.genieo.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx ... 364&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80364
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
uRun: [Facebook Update] "c:\documents and settings\bill\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WheelMouse] c:\full-s~1\wh_exec.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bill\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bill\application data\mozilla\firefox\profiles\evoqymkq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=w3is& ... ,0,6434&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\bill\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.81\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-5-2 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-5-2 64080]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-1-17 6609920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-2 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-1-2 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-2 136176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-1-2 12984]
.
=============== Created Last 30 ================
.
2012-01-24 20:11:47 -------- d-----w- c:\documents and settings\bill\application data\SUPERAntiSpyware.com
2012-01-24 20:11:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 20:11:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-24 19:09:16 388096 ----a-r- c:\documents and settings\bill\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-24 17:51:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-24 17:51:28 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-24 15:29:28 -------- d-----w- c:\program files\SpywareBlaster
2012-01-23 03:58:47 153 ----a-w- C:\DelUS.bat
2012-01-17 20:55:23 -------- d-----w- c:\documents and settings\bill\application data\Dropbox
2012-01-17 19:53:33 -------- d-----w- c:\windows\tiinst
2012-01-17 19:51:30 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-01-17 19:51:30 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-01-17 19:51:30 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-01-05 07:10:33 -------- d-----w- c:\documents and settings\bill\local settings\application data\Facebook
2012-01-03 13:37:16 -------- d-----w- c:\windows\system32\cache
2012-01-03 13:37:12 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-01-02 14:48:51 -------- d-----w- c:\documents and settings\bill\application data\WinBatch
2012-01-02 14:47:00 852 ----a-w- c:\windows\system32\drivers\RTKHDRC.dat
2012-01-02 14:47:00 712 ----a-w- c:\windows\system32\drivers\RTEQEX0.dat
2012-01-02 14:47:00 136 ----a-w- c:\windows\system32\drivers\rtkhdaud.dat
2012-01-02 14:42:35 172032 ----a-w- c:\windows\system32\igfxres.dll
2012-01-02 14:32:29 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-01-02 14:31:20 -------- d-----w- C:\Full-size Mouse
2012-01-02 14:30:38 -------- d-----w- C:\Intel100temp
2012-01-02 14:29:52 58888 ------w- c:\windows\system32\agrsmdel.exe
2012-01-02 14:29:46 -------- d-----w- c:\program files\LSI SoftModem
2012-01-02 14:29:29 13824 ------w- c:\windows\system32\agrscoin.dll
2012-01-02 14:27:56 57344 ----a-w- c:\windows\system32\igxprd32.dll
2012-01-02 14:27:55 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2012-01-02 14:27:55 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
2012-01-02 14:27:54 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
2012-01-02 14:27:54 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-01-02 14:27:54 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-01-02 14:27:54 151040 ----a-w- c:\windows\system32\igxpgd32.dll
2012-01-02 14:27:54 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2012-01-02 14:27:52 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-01-02 14:27:52 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-01-02 14:27:43 -------- d-----w- C:\Intel
2012-01-02 14:25:07 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-01-02 14:24:55 -------- d-----w- c:\program files\SlimDrivers
2012-01-02 14:22:24 -------- d-----w- c:\documents and settings\bill\local settings\application data\SlimWare Utilities Inc
2012-01-02 14:22:00 -------- d-----w- c:\documents and settings\bill\application data\AVG Secure Search
2012-01-02 14:21:55 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-01-02 14:21:53 -------- d-----w- c:\program files\AVG Secure Search
2012-01-02 14:21:48 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-01-02 14:21:35 -------- d-----w- c:\program files\SlimCleaner
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
============= FINISH: 14:55:54.09 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2011 2:16:14 PM
System Uptime: 1/24/2012 2:50:40 PM (0 hours ago)
.
Motherboard: TOSHIBA | | HAQAA
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1662/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 63.473 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP165: 10/27/2011 12:59:59 PM - System Checkpoint
RP166: 10/28/2011 1:38:46 PM - System Checkpoint
RP167: 10/29/2011 2:23:24 PM - System Checkpoint
RP168: 10/30/2011 4:32:54 PM - System Checkpoint
RP169: 10/31/2011 8:33:03 PM - System Checkpoint
RP170: 11/1/2011 9:12:52 PM - System Checkpoint
RP171: 11/3/2011 7:34:29 AM - System Checkpoint
RP172: 11/4/2011 8:05:44 AM - System Checkpoint
RP173: 11/5/2011 8:53:49 AM - System Checkpoint
RP174: 11/6/2011 2:46:51 PM - System Checkpoint
RP175: 11/7/2011 8:36:58 PM - System Checkpoint
RP176: 11/9/2011 6:03:35 AM - Software Distribution Service 3.0
RP177: 11/10/2011 6:52:13 AM - System Checkpoint
RP178: 11/11/2011 3:00:17 AM - Software Distribution Service 3.0
RP179: 11/12/2011 3:30:08 AM - System Checkpoint
RP180: 11/13/2011 6:06:46 AM - System Checkpoint
RP181: 11/14/2011 1:09:26 PM - System Checkpoint
RP182: 11/15/2011 2:49:29 PM - System Checkpoint
RP183: 11/16/2011 3:06:26 PM - System Checkpoint
RP184: 11/17/2011 4:02:29 PM - System Checkpoint
RP185: 11/18/2011 4:41:35 PM - System Checkpoint
RP186: 11/21/2011 7:19:21 AM - System Checkpoint
RP187: 11/22/2011 7:58:22 AM - System Checkpoint
RP188: 11/23/2011 11:53:27 AM - System Checkpoint
RP189: 11/24/2011 12:23:12 PM - System Checkpoint
RP190: 11/25/2011 12:01:51 PM - Software Distribution Service 3.0
RP191: 11/26/2011 12:28:53 PM - System Checkpoint
RP192: 11/27/2011 3:59:18 AM - Software Distribution Service 3.0
RP193: 11/28/2011 6:12:53 AM - System Checkpoint
RP194: 11/29/2011 11:57:46 AM - System Checkpoint
RP195: 11/30/2011 12:58:03 PM - System Checkpoint
RP196: 12/1/2011 3:00:47 PM - System Checkpoint
RP197: 12/2/2011 4:04:31 PM - System Checkpoint
RP198: 12/3/2011 5:35:40 PM - System Checkpoint
RP199: 12/4/2011 5:50:13 PM - System Checkpoint
RP200: 12/5/2011 6:10:43 PM - System Checkpoint
RP201: 12/6/2011 6:15:44 PM - System Checkpoint
RP202: 12/7/2011 8:45:21 PM - System Checkpoint
RP203: 12/8/2011 10:22:25 PM - System Checkpoint
RP204: 12/10/2011 8:18:14 AM - System Checkpoint
RP205: 12/11/2011 7:05:51 PM - System Checkpoint
RP206: 12/13/2011 5:49:42 AM - System Checkpoint
RP207: 12/14/2011 6:35:09 AM - System Checkpoint
RP208: 12/15/2011 3:46:26 AM - Software Distribution Service 3.0
RP209: 12/15/2011 12:00:08 PM - TITANUIMRES[0x10001101]
RP210: 12/16/2011 12:53:05 PM - System Checkpoint
RP211: 12/17/2011 1:42:14 PM - System Checkpoint
RP212: 12/18/2011 2:54:14 PM - System Checkpoint
RP213: 12/19/2011 3:05:22 PM - System Checkpoint
RP214: 12/20/2011 6:54:44 PM - System Checkpoint
RP215: 12/21/2011 7:20:38 PM - System Checkpoint
RP216: 12/22/2011 9:25:45 PM - System Checkpoint
RP217: 12/24/2011 8:17:11 AM - System Checkpoint
RP218: 12/25/2011 8:41:39 AM - System Checkpoint
RP219: 12/26/2011 3:43:30 PM - System Checkpoint
RP220: 12/28/2011 11:37:09 AM - System Checkpoint
RP221: 12/29/2011 2:40:48 PM - System Checkpoint
RP222: 12/30/2011 3:00:51 PM - System Checkpoint
RP223: 12/31/2011 3:42:59 PM - System Checkpoint
RP224: 1/1/2012 4:10:38 PM - System Checkpoint
RP225: 1/2/2012 6:26:10 AM - SlimDrivers Installing Drivers
RP226: 1/2/2012 6:29:17 AM - SlimDrivers Installing Drivers
RP227: 1/2/2012 6:30:25 AM - SlimDrivers Installing Drivers
RP228: 1/2/2012 6:31:08 AM - SlimDrivers Installing Drivers
RP229: 1/2/2012 6:31:58 AM - SlimDrivers Installing Drivers
RP230: 1/2/2012 6:33:50 AM - SlimDrivers Installing Drivers
RP231: 1/2/2012 6:34:06 AM - SlimDrivers Installing Drivers
RP232: 1/2/2012 6:34:21 AM - SlimDrivers Installing Drivers
RP233: 1/2/2012 6:34:35 AM - SlimDrivers Installing Drivers
RP234: 1/2/2012 6:46:38 AM - Installed Realtek High Definition Audio Driver
RP235: 1/2/2012 6:48:36 AM - SlimDrivers Installing Drivers
RP236: 1/3/2012 7:57:23 AM - System Checkpoint
RP237: 1/4/2012 1:49:23 PM - System Checkpoint
RP238: 1/5/2012 2:25:26 PM - System Checkpoint
RP239: 1/6/2012 3:24:39 PM - System Checkpoint
RP240: 1/7/2012 3:51:04 PM - System Checkpoint
RP241: 1/8/2012 3:58:04 PM - System Checkpoint
RP242: 1/9/2012 4:04:27 PM - System Checkpoint
RP243: 1/10/2012 7:10:13 PM - System Checkpoint
RP244: 1/11/2012 8:17:29 PM - System Checkpoint
RP245: 1/12/2012 5:16:16 AM - Software Distribution Service 3.0
RP246: 1/12/2012 4:59:21 PM - Removed Adobe Reader 7.0
RP247: 1/12/2012 4:59:41 PM - Installed Adobe Reader X (10.1.2).
RP248: 1/13/2012 8:45:47 PM - System Checkpoint
RP249: 1/14/2012 9:32:44 PM - System Checkpoint
RP250: 1/15/2012 12:00:15 PM - TITANUIMRES[0x10001101]
RP251: 1/16/2012 12:50:22 PM - System Checkpoint
RP252: 1/17/2012 11:50:10 AM - SlimDrivers Installing Drivers
RP253: 1/17/2012 11:52:17 AM - SlimDrivers Installing Drivers
RP254: 1/17/2012 11:53:13 AM - Installed TIPCI
RP255: 1/17/2012 12:16:07 PM - SlimDrivers Installing Drivers
RP256: 1/18/2012 12:27:26 PM - System Checkpoint
RP257: 1/19/2012 12:34:59 PM - System Checkpoint
RP258: 1/20/2012 2:30:18 PM - System Checkpoint
RP259: 1/21/2012 5:22:51 PM - System Checkpoint
RP260: 1/22/2012 5:47:14 PM - System Checkpoint
RP261: 1/22/2012 7:26:25 PM - Removed SMSC IrCC V5.1.3600.5 SP2
RP262: 1/22/2012 7:57:12 PM - Removed Quicken 2006
RP263: 1/23/2012 8:10:13 PM - System Checkpoint
RP264: 1/24/2012 11:09:12 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AVG Security Toolbar
Bonjour
CCleaner
CD/DVD Drive Acoustic Silencer
ClosetMaid v1.5.2
Compatibility Pack for the 2007 Office system
Dropbox
DVD-RAM Driver
EasyBits GO
Facebook Video Calling 1.1.0.13
Full-size Mouse 6.0.0.005
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Java Auto Updater
Java(TM) 6 Update 26
Macromedia Flash Player 8
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIWA
mLogView
mMHouse
MotoHelper MergeModules
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird 9.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Skype Toolbars
Skype™ 5.3
SlimCleaner
SlimDrivers
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
SpywareBlaster 4.5
SUPERAntiSpyware
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Utility Common Driver
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
1/24/2012 9:17:45 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013021143AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/24/2012 2:06:50 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0013021143AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/22/2012 5:06:20 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/20/2012 1:50:50 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .
1/17/2012 2:05:42 PM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0013021143AE has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

by vict0r » January 25th, 2012, 1:39 pm

Hello and welcome to the forum.

My nickname is vict0r and I will help you with the malware issues on your computer.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

To make cleaning this machine easier:

  • Continue to respond to this thread until I tell you that the logs are clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.
  • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


I'm currently reviewing the logs from your computer and will be back with further instructions as soon as possible.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Google search redirected

by otc » January 26th, 2012, 9:12 am

Thanks for your help
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

by vict0r » January 26th, 2012, 4:12 pm

I'm sorry for the delay. Please follow the instructions below.


TDSSKiller

    Please download TDSSKiller.exe and save it to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save it to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Remember to post:
  • TDSSKiller log.
  • Malwarebytes log.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Google search redirected

by otc » January 27th, 2012, 11:08 am

Database version: v2012.01.27.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Bill :: TOSHIBA-USER [administrator]

1/27/2012 6:39:20 AM
mbam-log-2012-01-27 (06-39-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 166939
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Bill\My Documents\Downloads\7zipap_1320.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bill\My Documents\Downloads\ReferenceBoss.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\DelUS.bat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
16 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
06:32:52.0031 3516 ============================================================
06:32:52.0031 3516 Current date / time: 2012/01/27 06:32:52.0031
06:32:52.0031 3516 SystemInfo:
06:32:52.0031 3516
06:32:52.0031 3516 OS Version: 5.1.2600 ServicePack: 3.0
06:32:52.0031 3516 Product type: Workstation
06:32:52.0031 3516 ComputerName: TOSHIBA-USER
06:32:52.0031 3516 UserName: Bill
06:32:52.0031 3516 Windows directory: C:\WINDOWS
06:32:52.0031 3516 System windows directory: C:\WINDOWS
06:32:52.0031 3516 Processor architecture: Intel x86
06:32:52.0031 3516 Number of processors: 2
06:32:52.0031 3516 Page size: 0x1000
06:32:52.0031 3516 Boot type: Normal boot
06:32:52.0031 3516 ============================================================
06:32:58.0656 3516 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:32:58.0718 3516 Initialize success
06:33:04.0359 3592 ============================================================
06:33:04.0359 3592 Scan started
06:33:04.0359 3592 Mode: Manual;
06:33:04.0359 3592 ============================================================
06:33:44.0968 3592 ============================================================
06:33:44.0968 3592 Scan finished
06:33:44.0968 3592 ============================================================
06:33:44.0968 2800 Detected object count: 0
06:33:44.0968 2800 Actual detected object count: 0
06:34:48.0593 3672 Deinitialize success
Thanks, otc
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

by vict0r » January 28th, 2012, 8:29 pm

I'm sorry for the delay.

DDS

Delete your current outdated copy of DDS.

Please download DDS by sUBs from one of the links below, save it to your Desktop (Note: It must be in this location).
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double click on the dds icon and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


Security Application Check

Please download and save SecurityCheck.exe by screen317 to your Desktop from one of the links below.
Link 1 | Link 2

  • Double-click SecurityCheck.exe to start the program
  • If a new window opens asking if you want to run the program, click Run
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please copy all text in checkup.txt and paste that text in your next reply.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Google search redirected

by vict0r » January 31st, 2012, 12:24 pm

Hello...

It has been more than 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?

Just let me know what's going on otherwise... After 24 hrs., if you have not replied to this topic... it will be closed.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: Google search redirected

by otc » February 1st, 2012, 1:50 pm

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Bill at 9:10:33 on 2012-02-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.791 [GMT -8:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Bill\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.genieo.com/
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx ... 364&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_custom ... tbid=80364
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
uRun: [Facebook Update] "c:\documents and settings\bill\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WheelMouse] c:\full-s~1\wh_exec.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\docume~1\bill\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bill\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 64.233.207.8 64.233.207.9
TCP: Interfaces\{E5CD361D-001F-4F73-96D5-C7DAD73D58EE} : DhcpNameServer = 64.233.207.8 64.233.207.9
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bill\application data\mozilla\firefox\profiles\evoqymkq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=w3is& ... ,0,6434&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\bill\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.81\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-5-2 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-5-2 64080]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2012-1-17 6609920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-2 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-1-2 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-2 136176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-1-2 12984]
.
=============== Created Last 30 ================
.
2012-01-27 14:37:35 -------- d-----w- c:\documents and settings\bill\application data\Malwarebytes
2012-01-27 14:37:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-27 14:37:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 14:37:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 20:11:47 -------- d-----w- c:\documents and settings\bill\application data\SUPERAntiSpyware.com
2012-01-24 20:11:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 20:11:09 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-01-24 19:09:16 388096 ----a-r- c:\documents and settings\bill\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-24 17:51:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-24 17:51:28 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-24 15:29:28 -------- d-----w- c:\program files\SpywareBlaster
2012-01-17 20:55:23 -------- d-----w- c:\documents and settings\bill\application data\Dropbox
2012-01-17 19:53:33 -------- d-----w- c:\windows\tiinst
2012-01-17 19:51:30 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-01-17 19:51:30 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-01-17 19:51:30 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-01-05 07:10:33 -------- d-----w- c:\documents and settings\bill\local settings\application data\Facebook
2012-01-03 13:37:16 -------- d-----w- c:\windows\system32\cache
2012-01-03 13:37:12 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-27 14:52:28 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 9:11:32.07 ===============
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

by Elrond » February 1st, 2012, 5:10 pm

Hi otc.
I have taken over from Vict0r and will do my best to help you.
Please note that removing malware from a computer always carries a certain risk and that I would therefore suggest that you back up any important data to an external medium.

A quick question while I work on the analysis of the log and wait for the log from the Security Application Check.

What is this computer used for?
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

by otc » February 1st, 2012, 6:16 pm

The computer is used for personal use, internet
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

by Elrond » February 2nd, 2012, 3:32 pm

Hi again.

Some more questions:
Have you purposely installed the following toolbars:
AVG Security Toolbar
toolbar.inbox.com


Do you know anything about
avg secure search

How come you are using an internet name server that seems to belong to WideOpenWest Finance LLC?


Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated".
  4. Locate the following program(s):
    J2SE Runtime Environment 5.0 Update 4
    Macromedia Flash Player 8
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find all programs...some may not have an uninstall feature.
  6. Repeat steps 4 - 5 for each program in the list.
  7. When finished...close/exit Add/Remove Programs.

This is a repeat request for the following:

Security Application Check

Please download and save SecurityCheck.exe by screen317 to your Desktop from one of the links below.
Link 1 | Link 2

  • Double-click SecurityCheck.exe to start the program
  • If a new window opens asking if you want to run the program, click Run
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please copy all text in checkup.txt and paste that text in your next reply.

Next do the following:

Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


Do not use any other box but the Save Log one until the program tells you that it has saved the log. Then use the exit box to close the program.


Please reply with
the answers to the questions,
the Security check log,
the log from aswMBR.exe.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

by otc » February 3rd, 2012, 7:05 am

No, I did not purposely install the AVG security toolbar or toolbar.inbox.com.

Wide Open West is my internet provider, aka wowway.

Why did you have me remove the two programs?

Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Security Toolbar
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
SpywareBlaster 4.5
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
SlimCleaner
Java(TM) 6 Update 26
Java version out of date!
Adobe Flash Player 11.0.1.152
Adobe Reader X (10.1.2)
Mozilla Firefox 10.0. Firefox out of Date!
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-03 02:58:26
-----------------------------
02:58:26.906 OS Version: Windows 5.1.2600 Service Pack 3
02:58:26.906 Number of processors: 2 586 0xE08
02:58:26.906 ComputerName: TOSHIBA-USER UserName: Bill
02:58:28.390 Initialize success
02:58:41.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:58:41.171 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
02:58:41.187 Disk 0 MBR read successfully
02:58:41.187 Disk 0 MBR scan
02:58:41.187 Disk 0 Windows XP default MBR code
02:58:41.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95393 MB offset 63
02:58:41.203 Disk 0 scanning sectors +195366465
02:58:41.296 Disk 0 scanning C:\WINDOWS\system32\drivers
02:58:50.656 Service scanning
02:58:51.906 Modules scanning
02:58:56.765 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
02:58:57.953 Disk 0 trace - called modules:
02:58:57.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:58:57.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e6ab8]
02:58:58.000 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\00000078[0x8a6ae9e8]
02:58:58.000 5 ACPI.sys[f750e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6e9940]
02:58:58.000 Scan finished successfully
02:59:28.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bill\Desktop\MBR.dat"
02:59:28.171 The log file has been saved successfully to "C:\Documents and Settings\Bill\Desktop\aswMBR.txt"
I don't know anything about avg search. I use google as my search engine.

Thanks, Bill
otc
Regular Member
 
Posts: 20
Joined: January 24th, 2012, 7:00 pm

Re: Google search redirected

by Elrond » February 3rd, 2012, 9:08 am

Hi.

Thanks for the information. It was helpful. :)

The reason that I had you remove the programs is that they were both quite out of date and are a big risk factor for infection. I will ask you later to replace the Java that you have with the latest version.

As you did not install the two toolbars, we will try to do our best to remove them, as they are a nuisance and could also redirect your searches.

As for now I would like you to do the following:

Disable SUPERAntiSpyware
Programs like SUPERAntiSpyware, may interfere with the fix, so we need to temporarily disable it.
  • Right-click on the SUPERAntiSpyware icon, in the system tray.
  • Choose View Control Center... "Preferences/options" button/tab.
  • On the General and Startup...tab, uncheck, "Start SUPERAntiSpyware when Windows starts"
  • click Close to exit.
Don't forget to enable your SUPERAntiSpyware protection, when your computer is clean.

Next try to disable Trend Micro Titanium Maximum Security.

The reason for disabling them is that they can interfere with the scan that follows.

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
Alternate download site: here
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.
Please disable any Antivirus or Firewall you have active, as shown in this topic. Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  3. For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  4. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please answer with the combofix log.

Please note that I will be offline from about two hours from now until Sunday morning.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Google search redirected

by otc » February 4th, 2012, 10:26 am

ComboFix 12-02-03.02 - Bill 02/04/2012 6:08.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1025 [GMT -8:00]
Running from: c:\documents and settings\Bill\My Documents\Downloads\ComboFix.exe
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bill\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\full-s~1\wh_exec.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\827d999fc370c0ef.fb
c:\windows\system32\Cache\a7f56bcfd5969bdd.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-01 17:19 . 2012-02-01 17:38 723294 ----a-w- c:\windows\unins000.exe
2012-01-27 14:52 . 2012-01-27 14:52 -------- d-----w- c:\windows\LastGood
2012-01-27 14:37 . 2012-01-27 14:37 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes
2012-01-27 14:37 . 2012-01-27 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-27 14:37 . 2012-01-27 14:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-27 14:37 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 20:11 . 2012-01-24 20:11 -------- d-----w- c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com
2012-01-24 20:11 . 2012-01-24 20:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-24 20:11 . 2012-01-24 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-24 19:09 . 2012-01-24 19:09 388096 ----a-r- c:\documents and settings\Bill\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 17:51 . 2012-02-01 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-24 17:51 . 2012-01-24 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-24 15:29 . 2012-01-24 15:29 -------- d-----w- c:\program files\SpywareBlaster
2012-01-17 20:55 . 2012-01-31 20:58 -------- d-----w- c:\documents and settings\Bill\Application Data\Dropbox
2012-01-17 19:53 . 2012-01-17 19:53 -------- d-----w- c:\windows\tiinst
2012-01-17 19:51 . 2000-01-01 00:00 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2012-01-17 19:51 . 2000-01-01 00:00 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2012-01-17 19:51 . 2000-01-01 00:00 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2012-01-13 00:59 . 2012-01-13 01:00 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 14:52 . 2012-01-02 14:25 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-11-25 21:57 . 2005-12-29 06:29 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2005-12-29 06:29 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2005-12-29 06:28 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2005-12-29 06:29 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2005-12-29 06:28 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-03 10:44 . 2012-01-24 19:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 20:30 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\Bill\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2011-12-12 27481952]
"Facebook Update"="c:\documents and settings\Bill\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-01-05 137536]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 24576]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 28672]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-28 73728]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 131072]
"RTHDCPL"="RTHDCPL.EXE" [2000-01-01 20064872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
c:\documents and settings\Bill\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Bill\Application Data\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-29 155648]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Bill\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Bill\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1886:TCP"= 1886:TCP:Genieo
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [5/2/2011 2:46 PM 64080]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/16/2012 12:30 PM 909152]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [1/17/2012 11:51 AM 6609920]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [5/2/2011 2:37 PM 188272]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2011 9:51 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/2/2012 6:46 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/2/2011 9:51 PM 136176]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [1/2/2012 6:25 AM 12984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343413112-2627855830-284998304-1006Core.job
- c:\documents and settings\Bill\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-05 07:10]
.
2012-02-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2343413112-2627855830-284998304-1006UA.job
- c:\documents and settings\Bill\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-01-05 07:10]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 05:51]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-03 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.genieo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.233.207.8 64.233.207.9
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Bill\Application Data\Mozilla\Firefox\Profiles\evoqymkq.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=w3is& ... ,0,6434&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-WheelMouse - c:\full-s~1\wh_exec.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 06:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-02-04 06:24:59
ComboFix-quarantined-files.txt 2012-02-04 14:24
.
Pre-Run: 68,257,267,712 bytes free
Post-Run: 68,438,806,528 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7A7F770266CB26D1B4CC66512BF76F45
otc

Re: Google search redirected

Post by Elrond » February 5th, 2012, 2:27 pm

Hi otc

First of all
Upload File/Files for testing

Please go to jotti.org or VirusTotal.

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\System32\DLA\DLADResN.SYS

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.

Next
Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)

  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Note: Do not run any programs while Gmer is running.


And then
Please download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Some more questions:
Do you use AOL?
Are you using Viewpoint Media Player?



Please answer with:
  • the logs from
    • GMER
    • OTL
  • the result of the VirusTotal scan
  • the answers to the questions.
Elrond