Google Redirection Issue

Post by terdev » February 16th, 2012, 5:11 am

Hi

I have a major problem which I am hoping someone can help me with.

When I enter a search into Google I am automatically redirected to another website which asks me to enter a code to continue.

The code appears in a box and the code is blurred.

I am running Windows 7
32 bit operating system

I have run DDS. The DDS.txt log file is as follows:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by ernetemp at 22:19:31 on 2012-02-15
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3063.1668 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\ernetemp\Documents\ACT\Express ClickYes\ClickYes.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [Express ClickYes] c:\users\ernetemp\documents\act\express clickyes\ClickYes.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://magnet.2020.net/virtualplanner/C ... _Win32.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/ac ... acking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2FAD0854-62F4-41CB-97CE-1ED75520FB51} : NameServer = 10.203.65.68 10.203.65.68
TCP: Interfaces\{E4E6752F-481A-4E5D-9B8A-112CE5B574E4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E85C43B5-A126-4063-98BF-A510035D256B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E85C43B5-A126-4063-98BF-A510035D256B}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{E85C43B5-A126-4063-98BF-A510035D256B}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
Handler: ActLink - {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - c:\program files\act\actlink.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 94.63.240.127 http://www.google.com
Hosts: 94.63.240.128 http://www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-15 214024]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe [2010-5-17 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 VmbService;Vodafone Mobile Broadband Service;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-4-28 9216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-5-17 29472]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-20 313856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-9-15 228408]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2009-9-15 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2009-9-15 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2009-9-15 34248]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-6-4 4231680]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-13 1120752]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-29 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2010-7-18 105856]
S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2010-7-18 191488]
.
=============== Created Last 30 ================
.
2012-02-15 21:58:13 388096 ----a-r- c:\users\ernetemp\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-15 21:58:13 -------- d-----w- c:\program files\Trend Micro
2012-02-11 09:42:07 -------- d-----w- c:\users\ernetemp\appdata\local\Roxio
2012-02-09 13:38:05 -------- d-----w- c:\users\ernetemp\appdata\roaming\Malwarebytes
2012-02-09 13:37:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-09 13:37:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-09 13:37:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 23:11:17 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-08 23:09:53 -------- d-----w- c:\programdata\HitmanPro
2012-02-06 21:49:50 -------- d-----w- c:\windows\system32\20-20 Technologies
2012-01-24 20:16:34 -------- d-----w- c:\users\ernetemp\appdata\roaming\AVG2012
2012-01-24 20:16:18 -------- d-----w- c:\programdata\AVG2012
.
==================== Find3M ====================
.
2012-01-15 20:02:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-08-12 21:33:24 3023056 ----a-w- c:\program files\sp39813.exe
2010-07-30 09:16:28 38808920 ----a-w- c:\program files\FileFormatConverters.exe
2010-06-05 12:07:13 118242920 ----a-w- c:\program files\CyberLink.2525_Trial_YUC100108-04.exe
2010-06-05 11:17:46 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-06-03 20:56:03 709184 ----a-w- c:\program files\OKI Printer.exe
.
============= FINISH: 22:20:06.07 ===============


THE DDS ATTACH FILE READS AS FOLLOWS:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/05/2010 19:37:41
System Uptime: 15/02/2012 20:06:15 (2 hours ago)
.
Motherboard: Hewlett-Packard | | 308A
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U10 | 1980/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 224.725 GiB free.
E: is CDROM ()
V: is FIXED (NTFS) - 2 GiB total, 0.216 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&E7C4B58&0&0025E753C638_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&E7C4B58&0&0025E753C638_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&E7C4B58&0&0025E753C638_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C112\7&E7C4B58&0&0025E753C638_C00000000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ACT! Integration Driver
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Bonjour
BT Broadband Desktop Help
BTHomeHub
Compatibility Pack for the 2007 Office system
CPQ Wallpaper
CutePDF Writer 2.8
DirectX 9 Runtime
EPSON BX300F Series Printer Uninstall
GoToAssist Corporate
HiJackThis
HP Advisor
HP Common Access Service Library
HP Customer Experience Enhancements
HP ESU for Microsoft Windows 7
HP Integrated Module with Bluetooth wireless technology
HP Quick Launch Buttons
HP Setup
HP Software Setup
HP Support Assistant
HP User Guides 0140
HP Web Camera
HP Webcam
HP Webcam Driver
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 26
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PaperPort Image Printer
QLBCASL
Real Time Clock Update
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
ScanSoft PaperPort 11
Skype™ 5.0
Sonic CinePlayer Decoder Pack
Synaptics Pointing Device Driver
Vodafone Mobile Broadband Lite
Windows 7 Default Setting
Windows Mobile Device Center
.
==== Event Viewer Messages From Past Week ========
.
15/02/2012 22:19:27, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================

PLEASE LET ME KNOW WHAT NEEDS TO BE DONE TO FIX THIS PROBLEM

YOUR HELP IS MUCH APPRECIATED

TERDEV
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm

Re: Google Redirection Issue

Post by maxi » February 16th, 2012, 6:43 am

Hello terdev,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Google Redirection Issue

Post by terdev » February 16th, 2012, 6:52 am

Hi Maxi

Thanks for getting in touch, I look forward to receiving your instructions.

Terdev
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm

Re: Google Redirection Issue

Post by maxi » February 16th, 2012, 6:27 pm

Hi terdev,

Is this computer used for business purposes? I need to know to give you the appropriate advice.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Google Redirection Issue

Post by terdev » February 16th, 2012, 6:51 pm

Hi Maxi

It was used for business in the past, but not anymore.

Terdev
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm

Re: Google Redirection Issue

Post by maxi » February 16th, 2012, 7:24 pm

Hi terdev, Thanks.

Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please include:
Both logs produced by OTL.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Google Redirection Issue

Post by terdev » February 17th, 2012, 9:07 am

Hi Maxi

Please see below OTL Logs as requested.

The OTL.Txt Log reads as follows:

OTL logfile created on: 2/17/2012 12:58:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\ernetemp\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.04% Memory free
5.98 Gb Paging File | 4.69 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.84 Gb Total Space | 224.56 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive V: | 1.95 Gb Total Space | 0.22 Gb Free Space | 11.06% Space Free | Partition Type: NTFS

Computer Name: TDEVINE-PC | User Name: ernetemp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 12:57:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ernetemp\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/04/28 19:26:26 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2009/12/07 11:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/30 15:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 15:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/27 15:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 23:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009/06/17 16:56:16 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/02 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2007/12/17 13:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007/01/11 13:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2005/07/27 08:39:06 | 000,032,256 | ---- | M] (ContextMagic.com) -- C:\Users\ernetemp\Documents\ACT\Express ClickYes\ClickYes.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/29 07:58:46 | 012,430,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2e2e31c87004468796d3defa1a1df011\System.Windows.Forms.ni.dll
MOD - [2009/07/30 15:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/14 04:45:49 | 000,997,888 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e033d390dc7e9567b6960b0f530cf30\System.Management.ni.dll
MOD - [2009/07/14 04:42:57 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 04:42:36 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 04:42:30 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/16 20:29:50 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/07/29 07:32:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/28 19:26:26 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 15:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 23:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009/06/17 16:56:16 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/06/13 18:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/03/02 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2007/12/17 13:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/11 13:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/04/19 14:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/04/19 14:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/04/19 14:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/04/19 14:42:24 | 000,191,488 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV - [2010/04/19 14:42:24 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/12/07 11:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 11:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/27 15:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 09:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 23:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 09:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/06/04 18:19:00 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/05/16 01:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 01:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 01:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 01:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 01:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 15:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/20 16:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\cpqbttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1653805038-3814399018-1828290661-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKU\S-1-5-21-1653805038-3814399018-1828290661-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1653805038-3814399018-1828290661-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1653805038-3814399018-1828290661-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/02/01 08:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 08:56:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/06 19:51:20 | 000,000,884 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.240.127 www.google.com
O1 - Hosts: 94.63.240.128 www.bing.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-1653805038-3814399018-1828290661-1005..\Run: [Express ClickYes] C:\Users\ernetemp\Documents\ACT\Express ClickYes\ClickYes.exe (ContextMagic.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1653805038-3814399018-1828290661-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://magnet.2020.net/virtualplanner/C ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/ac ... acking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FAD0854-62F4-41CB-97CE-1ED75520FB51}: NameServer = 10.203.65.68 10.203.65.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4E6752F-481A-4E5D-9B8A-112CE5B574E4}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E85C43B5-A126-4063-98BF-A510035D256B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ActLink {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - C:\Program Files\ACT\actlink.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b587c3a-4444-11e0-8c92-002713589e4d}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587c3a-4444-11e0-8c92-002713589e4d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\{b47522b6-92a3-11df-be92-d8d385059699}\Shell - "" = AutoRun
O33 - MountPoints2\{b47522b6-92a3-11df-be92-d8d385059699}\Shell\AutoRun\command - "" = D:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 12:57:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ernetemp\Desktop\OTL.exe
[2012/02/15 21:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/15 21:58:13 | 000,000,000 | ---D | C] -- C:\Users\ernetemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/15 20:09:14 | 000,000,000 | ---D | C] -- C:\Users\ernetemp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/02/11 09:42:07 | 000,000,000 | ---D | C] -- C:\Users\ernetemp\AppData\Local\Roxio
[2012/02/09 13:38:05 | 000,000,000 | ---D | C] -- C:\Users\ernetemp\AppData\Roaming\Malwarebytes
[2012/02/09 13:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/09 13:37:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/09 13:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/08 23:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/02/06 21:49:50 | 000,000,000 | ---D | C] -- C:\windows\System32\20-20 Technologies
[2012/01/27 14:34:25 | 000,000,000 | ---D | C] -- C:\Users\ernetemp\Desktop\New folder
[2012/01/24 20:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/01/24 20:16:34 | 000,000,000 | ---D | C] -- C:\Users\ernetemp\AppData\Roaming\AVG2012
[2012/01/24 20:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2010/08/12 21:21:32 | 003,023,056 | ---- | C] (HP ) -- C:\Program Files\sp39813.exe
[2010/07/30 09:15:51 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2010/06/05 12:07:12 | 118,242,920 | ---- | C] ( ) -- C:\Program Files\CyberLink.2525_Trial_YUC100108-04.exe
[2010/06/05 11:17:32 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2010/05/17 18:45:15 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010/05/17 18:45:12 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2012/02/17 12:57:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ernetemp\Desktop\OTL.exe
[2012/02/17 12:24:30 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 12:24:30 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 12:23:25 | 089,269,996 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012/02/17 12:17:11 | 000,000,308 | -HS- | M] () -- C:\windows\tasks\siaavgp.job
[2012/02/17 12:17:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/17 12:16:57 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 11:23:31 | 000,000,015 | ---- | M] () -- C:\windows\DatabaseID
[2012/02/15 21:58:13 | 000,002,979 | ---- | M] () -- C:\Users\ernetemp\Desktop\HiJackThis.lnk
[2012/02/09 13:37:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 23:11:17 | 000,023,624 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro36.sys
[2012/02/01 09:26:09 | 000,000,426 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012/01/27 14:34:32 | 002,156,004 | ---- | M] () -- C:\Users\ernetemp\Desktop\IMG_4410.JPG
[2012/01/19 17:05:12 | 000,178,060 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012/01/18 21:54:20 | 000,622,546 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/18 21:54:20 | 000,108,636 | ---- | M] () -- C:\windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/02/15 21:58:13 | 000,002,979 | ---- | C] () -- C:\Users\ernetemp\Desktop\HiJackThis.lnk
[2012/02/09 13:37:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 23:11:17 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro36.sys
[2012/01/27 14:44:09 | 002,156,004 | ---- | C] () -- C:\Users\ernetemp\Desktop\IMG_4410.JPG
[2011/12/26 13:30:52 | 000,210,856 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/10/11 21:39:50 | 000,003,584 | ---- | C] () -- C:\Users\ernetemp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/05 08:14:15 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2011/07/05 07:52:12 | 000,004,096 | -H-- | C] () -- C:\Users\ernetemp\AppData\Local\keyfile3.drm
[2011/07/01 09:27:44 | 000,000,050 | ---- | C] () -- C:\windows\System32\BD9120CN.DAT
[2011/07/01 09:27:36 | 000,106,496 | ---- | C] () -- C:\windows\System32\BrMuSNMP.dll
[2011/07/01 09:23:15 | 000,031,767 | ---- | C] () -- C:\windows\maxlink.ini
[2011/06/10 08:58:53 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/04/28 06:57:45 | 000,000,020 | ---- | C] () -- C:\windows\System32\FDWNETY.DLL
[2011/01/24 22:08:21 | 000,000,571 | ---- | C] () -- C:\windows\System32\FeMakro.ini
[2011/01/24 22:08:20 | 000,000,497 | ---- | C] () -- C:\windows\System32\FeAnim.ini
[2010/08/03 12:39:48 | 000,007,605 | ---- | C] () -- C:\Users\ernetemp\AppData\Local\Resmon.ResmonCfg
[2010/06/05 11:28:55 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/06/03 21:11:36 | 000,000,100 | ---- | C] () -- C:\windows\OPLB.INI
[2010/06/03 20:56:02 | 000,709,184 | ---- | C] () -- C:\Program Files\OKI Printer.exe
[2010/05/20 21:45:13 | 000,192,512 | ---- | C] () -- C:\windows\System32\EmailShared.dll
[2010/05/17 20:59:06 | 000,270,336 | ---- | C] () -- C:\windows\System32\Sglist32.dll
[2010/05/17 20:59:06 | 000,249,856 | ---- | C] () -- C:\windows\System32\Sgtool32.dll
[2010/05/17 20:59:06 | 000,172,032 | ---- | C] () -- C:\windows\System32\Sghelp32.dll
[2010/05/17 20:59:06 | 000,090,112 | ---- | C] () -- C:\windows\System32\SGIntl32.dll
[2010/05/17 20:59:06 | 000,073,728 | ---- | C] () -- C:\windows\System32\Sgdt32.dll
[2010/05/17 20:59:05 | 000,086,016 | ---- | C] () -- C:\windows\System32\Sgcom32.dll
[2010/05/17 20:31:16 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/05/17 18:45:14 | 000,027,184 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/05/17 18:45:13 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010/05/17 18:45:13 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010/05/17 18:45:13 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/05/17 18:38:13 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2010/04/22 18:37:02 | 000,155,474 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/07/16 00:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:33:53 | 000,457,904 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,622,546 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,108,636 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 22:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 22:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 22:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 22:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/16 06:26:00 | 002,031,008 | ---- | C] () -- C:\windows\System32\igkrng400.bin
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

< End of report >

THE EXTRAS.TXT LOG READS AS FOLLOWS:

OTL Extras logfile created on: 2/17/2012 12:58:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\ernetemp\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.04% Memory free
5.98 Gb Paging File | 4.69 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.84 Gb Total Space | 224.56 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive V: | 1.95 Gb Total Space | 0.22 Gb Free Space | 11.06% Space Free | Partition Type: NTFS

Computer Name: TDEVINE-PC | User Name: ernetemp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0

I LOOK FORWARD TO RECEIVING FURTHER INSTRUCTION FROM YOU.

Thanks
Terdev
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm

Re: Google Rediredtion Issue

Unread postby maxi » February 17th, 2012, 7:31 pm

Hi terdev,

It looks like half of the second logfile (extras.txt) is missing. It should be on your desktop. Please post it again in your next reply.

Step 1
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.

Step 2
aswMBR - Scan

Please download aswMBR.exe ... © Avast Software ( 511KB ). Save it to your desktop.
  1. Double click the aswMBR.exe to run it
  2. Click the "Scan" button to start the scan.
  3. On completion of the scan, "Scan finished successfully" press the "Save log" button.
  4. You'll be prompted to save a file named "aswMBR.txt"... Save it to your desktop.
  5. Please copy and paste the contents of aswMBR.txt in your next reply.
Note: A file will be created and placed on your desktop when you execute aswMBR, named MBR.dat... this is a copy of your MBR record, before we make changes, it can be used to recover the MBR record to its previous condition, if problems exist after changes.

In your next reply please include:
TdssKiller log.
The aswMBR log.
The extras.txt log.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Google Rediredtion Issue

Unread postby terdev » February 17th, 2012, 8:06 pm

Hi Maxi

Please see below the information you have requested:

TDSSKiller - Rootkit Removal Tool -
The scan completed with no threats found
There was no log file created

aswMBR - Scan Results

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-17 23:54:17
-----------------------------
23:54:17.420 OS Version: Windows 6.1.7600
23:54:17.420 Number of processors: 2 586 0xF0D
23:54:17.436 ComputerName: TDEVINE-PC UserName: ernetemp
23:54:18.886 Initialize success
23:55:06.927 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:55:06.927 Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
23:55:06.943 Disk 0 MBR read successfully
23:55:06.943 Disk 0 MBR scan
23:55:06.959 Disk 0 Windows VISTA default MBR code
23:55:06.974 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
23:55:06.990 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287582 MB offset 616448
23:55:06.990 Disk 0 Partition - 00 0F Extended LBA 2001 MB offset 589584384
23:55:07.037 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15355 MB offset 593682432
23:55:07.052 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 2000 MB offset 589586432
23:55:07.068 Disk 0 scanning sectors +625129472
23:55:07.130 Disk 0 scanning C:\windows\system32\drivers
23:55:12.294 Service scanning
23:55:13.589 Modules scanning
23:55:19.704 Disk 0 trace - called modules:
23:55:19.735 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll dxgkrnl.sys igdkmd32.sys dxgmms1.sys
23:55:19.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87345030]
23:55:19.751 3 CLASSPNP.SYS[8b60459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85b67028]
23:55:19.751 Scan finished successfully
23:55:56.958 Disk 0 MBR has been saved successfully to "C:\Users\ernetemp\Desktop\MBR.dat"
23:55:56.973 The log file has been saved successfully to "C:\Users\ernetemp\Desktop\aswMBR.txt"

OTL Extras Logfile:

OTL Extras logfile created on: 2/17/2012 12:58:26 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\ernetemp\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.04% Memory free
5.98 Gb Paging File | 4.69 Gb Available in Paging File | 78.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.84 Gb Total Space | 224.56 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive V: | 1.95 Gb Total Space | 0.22 Gb Free Space | 11.06% Space Free | Partition Type: NTFS

Computer Name: TDEVINE-PC | User Name: ernetemp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}" = AVG 2012
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}" = HP User Guides 0140
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D758B62A-6FCF-468F-A4EE-401C87C2BCFF}" = Real Time Clock Update
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"ACT! Integration Driver" = ACT! Integration Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2011 4:21:56 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/21/2011 8:48:45 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/21/2011 12:15:04 PM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/21/2011 6:04:00 PM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/22/2011 6:29:12 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/22/2011 11:44:39 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/24/2011 4:20:28 PM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/25/2011 9:36:25 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/26/2011 3:52:34 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

Error - 7/27/2011 6:16:49 AM | Computer Name = tdevine-PC | Source = VmbService | ID = 0
Description = loadedConflicts

[ Hewlett-Packard Events ]
Error - 6/10/2010 8:21:19 AM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 6/16/2010 4:19:56 PM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 7/7/2010 4:29:49 PM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 9/9/2010 3:58:45 AM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 12/1/2010 6:38:18 PM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 3/24/2011 9:45:03 AM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 3/31/2011 9:22:45 AM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 6/2/2011 4:23:32 AM | Computer Name = tdevine-PC | Source = Hewlett-Packard | ID = 0
Description = en-GB Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ System Events ]

I look forward to receiving further instructions from you

Regards

Terdev
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm

Re: Google Rediredtion Issue

Post by maxi » February 18th, 2012, 1:33 pm

Hi Terdev,

Please have a look here "C:\TDSSKiller" for the TDSSKiller log and post it in your next reply if present.



Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    
    :otl
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :commands
    
    [emptytemp]
    [resethosts] 
    [createrestorepoint] 
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

In your next reply please include:

The OTL log.
The TDSSKiller log (if present)
How are things running now.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Google Rediredtion Issue

Post by terdev » February 19th, 2012, 5:13 pm

Maxi

The OTL Log reads as follows:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ deleted successfully.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\*\ not found.
Invalid CLSID key: *
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ernetemp
->Temp folder emptied: 95454248 bytes
->Temporary Internet Files folder emptied: 232545763 bytes
->Java cache emptied: 90768 bytes
->Flash cache emptied: 2892769 bytes

User: Public

User: tdevine

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76188203 bytes
RecycleBin emptied: 1307320205 bytes

Total Files Cleaned = 1,635.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


OTL by OldTimer - Version 3.2.32.0 log created on 02192012_210102

Files\Folders moved on Reboot...
C:\Users\ernetemp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XW5DU18R\viewtopic[1].htm moved successfully.
C:\Users\ernetemp\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

The TDSSKiller Log reads as follows:
23:49:17.0843 5976 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
23:49:18.0061 5976 ============================================================
23:49:18.0061 5976 Current date / time: 2012/02/17 23:49:18.0061
23:49:18.0061 5976 SystemInfo:
23:49:18.0061 5976
23:49:18.0061 5976 OS Version: 6.1.7600 ServicePack: 0.0
23:49:18.0061 5976 Product type: Workstation
23:49:18.0061 5976 ComputerName: TDEVINE-PC
23:49:18.0061 5976 UserName: ernetemp
23:49:18.0061 5976 Windows directory: C:\windows
23:49:18.0061 5976 System windows directory: C:\windows
23:49:18.0061 5976 Processor architecture: Intel x86
23:49:18.0061 5976 Number of processors: 2
23:49:18.0061 5976 Page size: 0x1000
23:49:18.0061 5976 Boot type: Normal boot
23:49:18.0061 5976 ============================================================
23:49:18.0545 5976 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:49:18.0560 5976 \Device\Harddisk0\DR0:
23:49:18.0560 5976 MBR used
23:49:18.0560 5976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
23:49:18.0560 5976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x231AF000
23:49:18.0576 5976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23246000, BlocksNum 0x3E8000
23:49:18.0576 5976 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2362E000, BlocksNum 0x1DFD800
23:49:18.0670 5976 Initialize success
23:49:18.0670 5976 ============================================================
23:50:37.0482 1852 ============================================================
23:50:37.0482 1852 Scan started
23:50:37.0482 1852 Mode: Manual;
23:50:37.0482 1852 ============================================================
23:50:50.0430 1852 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:50:50.0430 1852 USBSTOR - ok
23:50:50.0445 1852 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
23:50:50.0445 1852 usbuhci - ok
23:50:50.0523 1852 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
23:50:50.0523 1852 usbvideo - ok
23:50:50.0586 1852 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
23:50:50.0586 1852 vdrvroot - ok
23:50:50.0617 1852 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
23:50:50.0633 1852 vga - ok
23:50:50.0648 1852 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
23:50:50.0648 1852 VgaSave - ok
23:50:50.0679 1852 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
23:50:50.0695 1852 vhdmp - ok
23:50:50.0726 1852 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
23:50:50.0726 1852 viaagp - ok
23:50:50.0757 1852 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
23:50:50.0757 1852 ViaC7 - ok
23:50:50.0773 1852 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
23:50:50.0773 1852 viaide - ok
23:50:50.0882 1852 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\windows\system32\DRIVERS\vmbus.sys
23:50:50.0882 1852 vmbus - ok
23:50:50.0913 1852 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\windows\system32\DRIVERS\VMBusHID.sys
23:50:50.0913 1852 VMBusHID - ok
23:50:50.0929 1852 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
23:50:50.0929 1852 volmgr - ok
23:50:50.0960 1852 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
23:50:50.0960 1852 volmgrx - ok
23:50:50.0991 1852 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
23:50:50.0991 1852 volsnap - ok
23:50:51.0054 1852 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
23:50:51.0054 1852 vsmraid - ok
23:50:51.0085 1852 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
23:50:51.0085 1852 vwifibus - ok
23:50:51.0116 1852 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
23:50:51.0116 1852 VWiFiFlt - ok
23:50:51.0132 1852 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
23:50:51.0132 1852 vwifimp - ok
23:50:51.0163 1852 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
23:50:51.0163 1852 WacomPen - ok
23:50:51.0210 1852 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
23:50:51.0210 1852 WANARP - ok
23:50:51.0210 1852 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
23:50:51.0225 1852 Wanarpv6 - ok
23:50:51.0335 1852 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
23:50:51.0335 1852 Wd - ok
23:50:51.0366 1852 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
23:50:51.0381 1852 Wdf01000 - ok
23:50:51.0475 1852 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
23:50:51.0475 1852 WfpLwf - ok
23:50:51.0506 1852 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
23:50:51.0522 1852 WIMMount - ok
23:50:51.0600 1852 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUSB.sys
23:50:51.0600 1852 WinUsb - ok
23:50:51.0647 1852 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
23:50:51.0647 1852 WmiAcpi - ok
23:50:51.0725 1852 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
23:50:51.0725 1852 ws2ifsl - ok
23:50:51.0771 1852 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
23:50:51.0787 1852 WSDPrintDevice - ok
23:50:51.0818 1852 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
23:50:51.0818 1852 WudfPf - ok
23:50:51.0849 1852 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
23:50:51.0865 1852 WUDFRd - ok
23:50:51.0943 1852 yukonw7 (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
23:50:51.0959 1852 yukonw7 - ok
23:50:52.0005 1852 ZTEusbmdm6k (966756d861161fcc04d8051f210b942f) C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:50:52.0021 1852 ZTEusbmdm6k - ok
23:50:52.0052 1852 ZTEusbnmea (966756d861161fcc04d8051f210b942f) C:\windows\system32\DRIVERS\ZTEusbnmea.sys
23:50:52.0068 1852 ZTEusbnmea - ok
23:50:52.0130 1852 ZTEusbser6k (966756d861161fcc04d8051f210b942f) C:\windows\system32\DRIVERS\ZTEusbser6k.sys
23:50:52.0146 1852 ZTEusbser6k - ok
23:50:52.0193 1852 ZTEusbvoice (966756d861161fcc04d8051f210b942f) C:\windows\system32\DRIVERS\ZTEusbvoice.sys
23:50:52.0208 1852 ZTEusbvoice - ok
23:50:52.0239 1852 ZTEusbwwan (51adcfcb8118a5060980e906736ed4db) C:\windows\system32\DRIVERS\ZTEusbwwan.sys
23:50:52.0255 1852 ZTEusbwwan - ok
23:50:52.0333 1852 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:50:52.0380 1852 \Device\Harddisk0\DR0 - ok
23:50:52.0395 1852 Boot (0x1200) (b685b3d2fa35e4c0b3d2cab9959c710d) \Device\Harddisk0\DR0\Partition0
23:50:52.0395 1852 \Device\Harddisk0\DR0\Partition0 - ok
23:50:52.0411 1852 Boot (0x1200) (6a0b7896c07e396bc1822ca341a1139e) \Device\Harddisk0\DR0\Partition1
23:50:52.0411 1852 \Device\Harddisk0\DR0\Partition1 - ok
23:50:52.0442 1852 Boot (0x1200) (97b2a6a89092a06ff711e4ef2a6026bf) \Device\Harddisk0\DR0\Partition2
23:50:52.0442 1852 \Device\Harddisk0\DR0\Partition2 - ok
23:50:52.0458 1852 Boot (0x1200) (e759ceb0f139e182a93255ece9bb4b78) \Device\Harddisk0\DR0\Partition3
23:50:52.0458 1852 \Device\Harddisk0\DR0\Partition3 - ok
23:50:52.0458 1852 ============================================================
23:50:52.0458 1852 Scan finished
23:50:52.0458 1852 ============================================================
23:50:52.0473 5500 Detected object count: 0
23:50:52.0473 5500 Actual detected object count: 0
23:51:50.0677 3156 Deinitialize success

I have just tried Google again and it seems to be working fine.

Do you need to send me any more instructions?

If not, I would like to sincerely thank you for your help with this issue. This is a great service.

Any tips or advice you might have to help me avoid this from happening again would be most appreciated.

Regards

Terdev
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm

Re: Google Rediredtion Issue

Unread postby maxi » February 20th, 2012, 9:15 am

Hi Terdev, Good job :) Just a few more steps and we will be done. After that I will give you some tips on how to stay safe.

Step 1
I see you have Malwarebytes installed. Please open the program and update it. Then run a Quick scan. If it finds anything, click "Remove Selected" and follow the prompts. Please post the log it creates in your next post.

Step 2
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:
The Malwarebytes logfile.
The Eset logfile.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Google Rediredtion Issue

Unread postby terdev » February 21st, 2012, 11:25 am

Hi Maxi

Malwarebytes logfile reads as follows:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ernetemp :: TDEVINE-PC [administrator]

20/02/2012 21:31:18
mbam-log-2012-02-20 (21-31-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205757
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


The Eset logfile read as follows:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1f6f6ad8690ef3418fe5b1655301e3ed
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-20 10:06:49
# local_time=2012-02-20 10:06:49 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 435487 435487 0 0
# compatibility_mode=1024 16777215 100 0 2342421 2342421 0 0
# compatibility_mode=5893 16776574 66 85 55647068 82241371 0 0
# compatibility_mode=8192 67108863 100 0 3781 3781 0 0
# scanned=23552
# found=0
# cleaned=0
# scan_time=629
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1f6f6ad8690ef3418fe5b1655301e3ed
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-20 10:47:07
# local_time=2012-02-20 10:47:07 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 436252 436252 0 0
# compatibility_mode=1024 16777215 100 0 2343186 2343186 0 0
# compatibility_mode=5893 16776574 66 85 55647833 82242136 0 0
# compatibility_mode=8192 67108863 100 0 4546 4546 0 0
# scanned=94004
# found=0
# cleaned=0
# scan_time=2282
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1f6f6ad8690ef3418fe5b1655301e3ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-21 02:16:12
# local_time=2012-02-21 02:16:12 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 490246 490246 0 0
# compatibility_mode=1024 16777215 100 0 2397180 2397180 0 0
# compatibility_mode=5893 16776574 66 85 55701827 82296130 0 0
# compatibility_mode=8192 67108863 100 0 58540 58540 0 0
# scanned=189869
# found=0
# cleaned=0
# scan_time=4033


(end)
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm
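The ESET log above holds three scan runs, two marked `end=stopped` and one marked `end=finished`, each with its own `found=0`. The following added example (not part of the original posts, and not ESET's own tooling) splits such a log into runs and takes the verdict only from the last finished run, on the assumption that `end=finished` marks a completed scan; the sample log is constructed.

```python
import re

# Constructed sample in the layout of the ESET log quoted above (shortened, not the poster's log).
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
# version=7
# end=stopped
# scanned=23552
# found=0
# cleaned=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# scanned=189869
# found=0
# cleaned=0
"""

KEY_VALUE = re.compile(r"^#\s*([\w.]+)=(.*)$")


def parse_runs(text):
    """Split the log into one dict per scan run; each '# version=' line opens a run."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_VALUE.match(line)
        if match is None:
            # Free-text lines (for example updater errors) are attached to the run before them.
            if line and current is not None:
                current["notes"].append(line)
            continue
        key, value = match.group(1), match.group(2).strip()
        if key == "version":
            current = {"notes": []}
            runs.append(current)
        if current is not None:
            current[key] = value  # repeated keys such as compatibility_mode keep the last value
    return runs


def verdict(runs):
    """Judge the scan from the last run that reached end=finished, ignoring stopped runs."""
    finished = [run for run in runs if run.get("end") == "finished"]
    if not finished:
        return "incomplete", None
    last = finished[-1]
    found, cleaned = int(last.get("found", 0)), int(last.get("cleaned", 0))
    if found == 0:
        return "clean", last
    return ("cleaned" if cleaned >= found else "threats-remaining"), last


if __name__ == "__main__":
    runs = parse_runs(SAMPLE_LOG)
    status, run = verdict(runs)
    print(len(runs), "runs;", status, "based on", run["scanned"], "scanned objects")
```

A log that contains only stopped runs yields `incomplete`, so a `found=0` from an interrupted scan is never reported as a clean result.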

Re: Google Rediredtion Issue

Unread postby maxi » February 21st, 2012, 3:53 pm

Hi Terdev, and congratulations, your system is now clean :cheers: We just have to do some housekeeping and I'll give you some information on how to stay clean :)


Remove Tools from your Desktop. (Right click and select delete)
DDS
OTL
TDSSKiller
aswMBR

Your Java is out of date.
It can be updated by the Java control panel
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.


Internet Explorer 8
This is outdated and a security risk, you need to install Internet Explorer 9.

You can find information and install IE 9 from Here


Here are some free programs I recommend that could help you improve your computer's security.
Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes Anti-malware (Already installed)
You should run a quick scan with this once a week, but don't forget to update the program first.



Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.


Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here


Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE


MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE


Read some information HERE On how to prevent Malware


I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
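The post above describes a blocking HOSTS file as one that points unwanted names at 127.0.0.1. This added example (not part of the original post, and not an MVPS tool) audits a hosts file on that basis: names mapped to a loopback or unspecified address are counted as blocked, and any name mapped to another address is listed for review. The sample file, its domains and the documentation-range address are constructed, and treating every non-loopback mapping as worth reviewing is an assumption.

```python
import ipaddress

# Constructed sample hosts file: example domains and a documentation-range address.
SAMPLE_HOSTS = """\
# blocking entries in the style described above
127.0.0.1  localhost
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org   # inline comment
::1        localhost
203.0.113.7  www.search.example
not-an-ip  broken.example
"""


def audit_hosts(text):
    """Return (blocked, remapped, malformed) for the entries of a hosts file."""
    blocked, remapped, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            malformed.append((lineno, raw.strip()))  # address with no host name
            continue
        for name in (field.lower() for field in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":  # the standard localhost entry is not a block
                    blocked.append(name)
            else:
                # The name resolves to whatever address the file gives it: review these.
                remapped.append((name, str(addr)))
    return blocked, remapped, malformed


if __name__ == "__main__":
    blocked, remapped, malformed = audit_hosts(SAMPLE_HOSTS)
    print(len(blocked), "blocked names")
    for name, addr in remapped:
        print("review:", name, "->", addr)
    for lineno, entry in malformed:
        print("malformed line", lineno, ":", entry)
```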

Re: Google Rediredtion Issue

Unread postby terdev » February 21st, 2012, 5:08 pm

Hi Maxi

Instructions received and understood.

Thanks very much for your help with this issue. It is much appreciated.

Regards

Terdev
terdev
Active Member
 
Posts: 8
Joined: February 15th, 2012, 6:14 pm