MJFischer

  1. Good news! I think the problem is solved. Bottom line up front, the virus may be in the router, not my computer. I had been at my parents' house since May 28. I assumed I got the virus from the unsecured network. I did secure the network with a passkey, but that did not rid the router of the virus. I think my parents will have to instruct someone to reset the router, reset the admin password, and reset the network key. I am home as of July 5th and now have no trouble. Here is the combofix log: Best -MJ
  2. Well - further investigation reveals the problem is for any account on this computer but if I click a search result a second time (after closing the bogus window) I get to the correct site. Now our posts are back on track. -MJ
  3. I take that back. I was on as a non-administrator user. When I am logged in on my user account (administrator) I get redirected. Ex: I did a google search for recipe curry vegitarian. I should have ended up at allrecipes.com/recipe/spicy-vegan-potatoe-curry (or some such.) but instead I ended up at http://fastsfind.com/in.cgi?25&parameter=curry+recipe+vegetarian&affzref=24386&bides=z*z&affzref2=24386vv*vvcurry+recipe+vegetarian&CS=1 or if I click another search result I end up at http://www.localdouble.com/yb/search.php?what=vegetarians&where=novato%2Cca&ps=185_48757 or http://www.theclickcheck.com/?sub=1544043&rm=aHR0cDovLzcxLTE1NDQwNDMuYW1wbmV0d29yay5uZXQ%3D&pub=71&cid=1596382720&ds=aHR0cDovL3d3dy5sb2NhbGRvdWJsZS5jb20veWIvc2VhcmNoLnBocD93aGF0PXZlZ2V0YXJpYW4m%0Ad2hlcmU9bm92YXRvJTJDY2EmcHM9NzFfMTU0NDA0Mw%3D%3D Sorry to put the posts out of order
  4. I did as directed, opened IE with no add-ons. This is better!?! For example, when I click on my search choice, the window goes through http://c0e4.r.google.com/click?q=tree%20pruning%20method&lnk=http%3A%2F%2Fwww.treemasters.com%2F&ref=http%3A%2F%2Fwww.google.com%2F%23sclient%3Dpsy%26hl%3Den%26source%3Dhp%26q%3Dtree%2Bpruning%2Bmarin%26aq%3Df%26aqi%3D%26aql%3D%26oq%3D%26pbx%3D1%26bav%3Don.2%2Cor.r_gc.r_pw.%26fp%3Dc488823cce0a6f39%26biw%3D1280%26bih%3D608 before landing at www.treemasters.com/ Is this good?
  5. I did install IE 8. Did the search for tree pruning. Failed. Still redirects when I use google. Best, MJ
  6. I am sorry - I was waiting for an email to check the forum. I only have IE and it does happen with google and yahoo in IE (yahoo, google) but not BING. I had to download FF and try google through FF. The answer is NO! It does not happen when I use Google with FF. innnnteresting! -MJ
  7. I removed the ask.com application. I can open .exe shortcuts now. I still have the redirect issue. I google this: tree trimming service Marin. I click on my choice: Marin County Tree Service, which should take me here: www.treemasters.com/ But instead the new window first goes here: http://bb1d.r.google.com/click?q=tree%20triming%20service%20marin&lnk=http%3A%2F%2Fwww.treemasters.com%2F&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fhl%3Den%26source%3Dhp%26q%3Dtree%20triming%20service%20marin and ends up here: http://scour.com/search/web/Tree%20Triming%20Service%20Marin/a10/gathi-149/v5 Malwarebytes has not successfully updated in 31 days. Thank you for sticking with me. MJ
  8. Below is the combofix log While running, something happened. I may have caused this as I was messing with the computer while combo fix was doing its thing... "pev.cfxxe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available" I clicked "close program" and combofix finished. Also, all .exe shortcuts will not run. I get "Illegal operation attempted on a registry key that has been marked for deletion" I went to program files to run iexplore.exe ComboFix 11-06-28.05 - Mary Jean 06/28/2011 21:58:01.3.2 - x86 Running from: c:\users\Mary Jean\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 ))))))))))))))))))))))))))))))) . . 2011-06-29 05:09 . 2011-06-29 05:10 -------- d-----w- c:\users\Mary Jean\AppData\Local\temp 2011-06-29 05:09 . 2011-06-29 05:09 -------- d-----w- c:\users\Limited Acesss\AppData\Local\temp 2011-06-29 05:09 . 2011-06-29 05:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-17 17:35 . 2007-03-26 15:59 102400 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxbfpp5c.dll 2011-06-17 17:31 . 2011-06-17 17:31 -------- d-----w- C:\drivers 2011-06-16 20:01 . 2011-06-16 20:01 -------- d-----w- c:\users\Mary Jean\AppData\Roaming\Malwarebytes 2011-06-16 20:01 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-16 20:01 . 2011-06-16 20:01 -------- d-----w- c:\programdata\Malwarebytes 2011-06-16 20:01 . 2011-06-16 20:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-16 20:01 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-15 19:40 . 
2011-05-02 17:19 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2011-06-15 19:40 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-15 19:40 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-15 19:40 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-15 19:40 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-15 19:40 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-15 19:40 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-06-09 00:18 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-06-09 00:18 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-06-09 00:18 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-06-09 00:18 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-06-09 00:18 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-06-09 00:18 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-06-09 00:17 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr 2011-06-09 00:17 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-06-09 00:16 . 2011-06-09 00:16 -------- d-----w- c:\programdata\AVAST Software 2011-06-09 00:16 . 2011-06-09 00:16 -------- d-----w- c:\program files\AVAST Software 2011-06-09 00:06 . 2011-06-09 00:06 -------- d-----w- c:\program files\CCleaner 2011-06-08 23:59 . 2011-06-09 00:01 888 ----a-w- C:\exe.reg 2011-06-08 23:29 . 2011-06-08 23:35 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2011-06-08 22:34 . 2011-06-08 22:34 -------- d-----w- c:\program files\Hitman Pro 3.5 2011-06-08 22:12 . 2011-06-08 23:29 -------- d-----w- c:\programdata\Hitman Pro 2011-06-08 21:59 . 
2011-06-08 21:59 0 ---ha-w- c:\users\Mary Jean\AppData\Local\BITFEB8.tmp 2011-06-08 21:48 . 2011-06-08 21:48 0 ---ha-w- c:\users\Mary Jean\AppData\Local\BITBFA7.tmp 2011-06-07 16:23 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F605FD73-ECC4-4DF2-8D21-4EB6711DFFB3}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-27 06:35 . 2011-04-27 06:35 4659712 ----a-w- c:\windows\system32\Redemption.dll 2011-04-27 06:34 . 2011-04-27 06:35 770912 ----a-w- c:\windows\system32\Msfdbqp.dll 2011-04-27 06:34 . 2011-04-27 06:35 397152 ----a-w- c:\windows\system32\Msfdbse.dll 2011-04-27 06:34 . 2011-04-27 06:35 230240 ----a-w- c:\windows\system32\Msfdb.dll 2011-04-27 06:34 . 2011-04-27 06:35 189792 ----a-w- c:\windows\system32\SimpleProviders2.dll 2011-04-27 06:34 . 2011-04-27 06:35 511328 ----a-w- c:\windows\system32\Synchronization2.dll 2011-04-27 06:34 . 2011-04-27 06:35 253280 ----a-w- c:\windows\system32\MetaStore2.dll 2011-04-27 06:34 . 2011-04-27 06:35 171360 ----a-w- c:\windows\system32\FileSyncProvider2.dll 2011-04-27 06:34 . 2011-04-27 06:35 156512 ----a-w- c:\windows\system32\FeedSync2.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr 1998-01-14 14:40 . 2010-10-05 22:48 5696 ----a-w- c:\program files\FTWSYSUN.BIN 1998-01-14 14:40 . 2010-10-05 22:48 39936 ----a-w- c:\program files\UNINSTAL.EXE 1998-01-14 14:40 . 2010-10-05 22:48 361984 ----a-w- c:\program files\FTWSYS.BIN 1998-01-14 14:40 . 2010-10-05 22:48 151552 ----a-w- c:\program files\IMAGING.DLL 1998-01-14 14:40 . 2010-10-05 22:48 150528 ----a-w- c:\program files\SSCE5132.DLL 1998-01-14 14:40 . 2010-10-05 22:48 391680 ----a-w- c:\program files\FTWSTR32.DLL 1998-01-14 14:40 . 2010-10-05 22:48 3033088 ----a-w- c:\program files\FTW.EXE 1998-01-14 14:40 . 2010-10-05 22:48 2514432 ----a-w- c:\program files\FTWBMP32.DLL 1998-01-14 14:40 . 
2010-10-05 22:48 82944 ----a-w- c:\program files\FTWBUB32.DLL 1998-01-14 14:40 . 2010-10-05 22:48 60928 ----a-w- c:\program files\FTOSUB.EXE 1998-01-14 14:40 . 2010-10-05 22:48 5008 ----a-w- c:\program files\FTWSKM.EXE 1998-01-14 14:40 . 2010-10-05 22:48 38912 ----a-w- c:\program files\FTOINST.EXE 1998-01-14 14:40 . 2010-10-05 22:48 22528 ----a-w- c:\program files\FTWMSC32.DLL 1998-01-14 14:40 . 2010-10-05 22:48 19344 ----a-w- c:\program files\FTINST16.EXE 1998-01-14 14:40 . 2010-10-05 22:48 151792 ----a-w- c:\program files\FTOSUB16.EXE 1996-09-20 11:15 . 2010-10-05 22:48 57344 ----a-w- c:\program files\PGCNTL32.DLL 1996-09-20 11:14 . 2010-10-05 22:48 212480 ----a-w- c:\program files\PCDLIB32.DLL 1996-09-20 11:14 . 2010-10-05 22:48 17920 ----a-w- c:\program files\IMPLODE.DLL 1996-09-20 11:13 . 2010-10-05 22:48 74240 ----a-w- c:\program files\INFOLINK.DLL 1996-09-20 11:08 . 2010-10-05 22:48 49264 ----a-w- c:\program files\LAUNCH16.DLL 1996-09-20 11:08 . 2010-10-05 22:48 48640 ----a-w- c:\program files\LAUNCH32.DLL . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-04-29 22:12 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-04-29 1490312] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay] @="{b75ab0c8-03d5-4592-9821-a48d54d66b14}" [HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}] 2008-04-01 23:46 91488 ----a-w- c:\program files\Maxtor\ManagerApp\MssShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-02 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-04-01 169312] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-21 09:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater] 2011-04-29 22:12 395144 ----a-w- c:\program files\Ask.com\Updater\Updater.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2008-09-18 19:14 880640 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2006-12-19 09:27 136768 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-07 01:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2007-02-22 18:50 112216 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 21:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 135664]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 30312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 135664]
R3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\DRIVERS\P1130Vid.sys [2004-05-04 90229]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-12-21 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-12-21 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-12-21 121576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 537520]
S2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-04-01 161120]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 05:57]
.
2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 05:57]
.
2011-06-08 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-06-08 16:14]
.
2011-06-29 c:\windows\Tasks\User_Feed_Synchronization-{D19F6642-8AA9-4EA2-916F-4231B46DFBBA}.job
- c:\windows\system32\msfeedssync.exe [2008-09-16 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 22:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2128)
c:\program files\Maxtor\ManagerApp\MssShellExt.dll
.
Completion time: 2011-06-28 22:14:52
ComboFix-quarantined-files.txt 2011-06-29 05:14
ComboFix2.txt 2011-06-16 20:26
.
Pre-Run: 16,760,401,920 bytes free
Post-Run: 16,747,126,784 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - E69BC14C631E8D63D3B897D75E8415B4

Thank you very much,
MJ
  9. hello,
Thank you still. I did as directed.
ATF cleaner
GooredFix
TDSSKiller - nothing found

Computer still has problems:
Can't update Malwarebytes: PROGRAM_ERROR_UPDATING
and the redirect works like this: I search for something with google, say tree pruning in marin, I see a site
Bay Area Trimming www.elitetreeservice.biz
That looks good. I click on it and end up at some other site (http://scour.com/search/web/Tree%20Pruning%20Novato/a10/and2-2742/v5) or I get this:
The previous page is sending you to http://mls.marchex.com/c?pid=1228611. If you do not want to visit that page, you can return to the previous page.

here is the log for TDSSKiller

2011/06/26 20:16:35.0297 5452 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 20:16:35.0906 5452 ================================================================================
2011/06/26 20:16:35.0906 5452 SystemInfo:
2011/06/26 20:16:35.0906 5452
2011/06/26 20:16:35.0906 5452 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/26 20:16:35.0906 5452 Product type: Workstation
2011/06/26 20:16:35.0921 5452 ComputerName: MARYJEAN-PC
2011/06/26 20:16:35.0921 5452 UserName: Mary Jean
2011/06/26 20:16:35.0921 5452 Windows directory: C:\Windows
2011/06/26 20:16:35.0921 5452 System windows directory: C:\Windows
2011/06/26 20:16:35.0921 5452 Processor architecture: Intel x86
2011/06/26 20:16:35.0921 5452 Number of processors: 2
2011/06/26 20:16:35.0921 5452 Page size: 0x1000
2011/06/26 20:16:35.0921 5452 Boot type: Normal boot
2011/06/26 20:16:35.0921 5452 ================================================================================
2011/06/26 20:16:40.0352 5452 Initialize success
2011/06/26 20:17:02.0956 5616 ================================================================================
2011/06/26 20:17:02.0956 5616 Scan started
2011/06/26 20:17:02.0956 5616 Mode: Manual;
2011/06/26 20:17:02.0956 5616 ================================================================================
20:17:37.0198 5616 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/06/26 20:17:37.0385 5616 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/06/26 20:17:37.0479 5616 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/26 20:17:37.0510 5616 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/26 20:17:37.0650 5616 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/06/26 20:17:37.0838 5616 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/26 20:17:38.0056 5616 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/06/26 20:17:38.0212 5616 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\Windows\system32\drivers\windrvr6.sys 2011/06/26 20:17:38.0477 5616 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/06/26 20:17:38.0664 5616 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/06/26 20:17:38.0774 5616 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/26 20:17:38.0883 5616 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys 2011/06/26 20:17:39.0054 5616 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/26 20:17:39.0132 5616 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 2011/06/26 20:17:39.0210 5616 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0 2011/06/26 20:17:39.0242 5616 ================================================================================ 2011/06/26 20:17:39.0242 5616 Scan finished 2011/06/26 20:17:39.0242 5616 ================================================================================ 2011/06/26 20:17:39.0257 5608 Detected object count: 0 
2011/06/26 20:17:39.0257 5608 Actual detected object count: 0 GooredFix.txt
  10. Hello, thank you for considering my problem. Problem: I had a redirect virus and then eventually my computer shut down (over the course of a week). I got a FOF (friend of the family) to get the computer to turn on normal, runs normal, but the redirect is still functioning. He installed avast and malwarebytes pro ($25) (I can give you the reg code). The redirect is stopped by avast, but the new window only opens the desired website occasionally. Otherwise, I don't get to where I want to go unless I type in the URL. Here is the DSS.txt. Attached are the zip files. Thank you ark.zip
  11. Hello - would you please advise me on this issue. I had a google redirect virus and after about three days of trying to fix it myself the whole computer "crashed". I called a computer fix-it guy (Friend of Family) who I will have to pay for his 3 hours of work that got my computer to boot up and run - I still have the google redirect though avast! stops the page from opening. Google search is useless to me. I cannot update MBAM. I have tried to find a solution on the forums, but it looks like I need personal attention. I did STEP 1 and STEP 2 from a similar post. 1. here is the SIGVERIF.TXT 2. here is the DDS.txt and the Attach.txt 3. Needs to be sent privately. How do I do that? SIGVERIF.TXT DDS.txt Attach.txt