
Search Engine redirect malware



I've been dealing with this irritating redirect problem for a few weeks now. In addition to your typically great program I have AVG and used it with HitmanPro at the recommendation of a friend. No luck. I hope I'm doing everything correctly here, what follows is the dds.txt log, and I've attached the attach.txt log. My huge thanks in advance.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Owner at 16:44:05 on 2011-10-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1088 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\tcpsvcs.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\BigFix\bigfix.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5056

uStart Page = https://mail.google.com/mail/?shva=1#inbox

mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5056

mURLSearchHooks: H - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [readericon] c:\program files\digital media reader\readericon45G.exe

mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe

mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

dRun: [Power2GoExpress] NA

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\printmaster gold 18\Remind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: E&xport to Microsoft Excel

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9E9AAD84-744A-4AF9-8F16-63C625CE6779} : DhcpNameServer = 192.168.3.1

TCP: Interfaces\{E641CF65-796E-4313-9D68-BC315B41D538} : DhcpNameServer = 192.168.1.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: LMIinit - LMIinit.dll

Hosts: 94.63.240.149 www.google.com

Hosts: 94.63.240.150 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\fa5dfxty.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baf234b50-c827-45e2-9dbb-1019124c7d84%7D&mid=3d032b4c4c8f47d680f7d129f5db4d8c-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-27%2016%3A46%3A26&sap=ku&q=

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fa5dfxty.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 295248]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-9-2 13696]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-3-24 401920]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2010-1-16 14336]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-3-31 47640]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-27 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 16720]

R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [2011-1-7 450944]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-2 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-2 947528]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== File Associations ===============

.

exefile="c:\documents and settings\networkservice\local settings\application data\pyb.exe" -a "%1" %*

.

=============== Created Last 30 ================

.

2011-10-31 23:15:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-15 07:43:21 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-15 00:17:21 -------- d-----w- c:\documents and settings\owner\application data\Hiylg

2011-10-15 00:17:21 -------- d-----w- c:\documents and settings\owner\application data\Akyrec

.

==================== Find3M ====================

.

2011-10-31 22:42:51 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-23 20:22:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 13:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-17 21:32:16 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-08-17 21:32:15 17408 ------w- c:\windows\system32\corpol.dll

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec

2011-08-12 20:51:26 26488 ----a-w- c:\windows\system32\spupdsvc.exe

.

============= FINISH: 16:44:46.78 ===============

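The DDS output above carries the three indicators a responder would pull out first: the `Hosts:` lines pinning www.google.com and www.bing.com to 94.63.240.x instead of letting DNS resolve them, an `exefile` association that is not the Windows default of `"%1" %*` (so every program launch is routed through another binary), and `user.js` entries that switch off Firefox's mixed-content and insecure-submit warnings. The script below is an added example written for this page, not part of the original post or of the DDS tool; it parses a DDS-style log for exactly those indicators. The sample log is constructed from lines in the thread, and the watched-domain set and the list of security prefs are assumptions chosen for the example.

```python
"""Triage a DDS-style log for search-redirect indicators.

Added example for this page; not part of the forum post or of DDS itself.
Looks for: (1) hosts-file overrides of well-known domains to non-loopback
addresses, (2) a non-default exefile "open" command, (3) Firefox user.js
prefs that silence security warnings.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple
import ipaddress
import re

# Domains that have no business being pinned in a home PC's hosts file; an
# entry for one of them pointing anywhere but loopback is a hijack indicator.
# Assumed list, chosen for this example.
WATCHED_DOMAINS = {
    "www.google.com", "www.bing.com", "www.yahoo.com", "search.yahoo.com",
    "www.microsoft.com", "update.microsoft.com", "windowsupdate.microsoft.com",
}

# Windows' default "open" command for .exe files (HKCR\exefile\shell\open\command).
DEFAULT_EXEFILE = '"%1" %*'

# Firefox prefs that, with these values, suppress a security prompt.
# The pref names are real Firefox prefs; which ones to watch is an assumption.
WEAKENING_PREFS = {
    "security.warn_viewing_mixed": "false",
    "security.warn_submit_insecure": "false",
    "security.warn_entering_secure": "false",
    "security.warn_leaving_secure": "false",
}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")               # Hosts: <ip> <name>
EXEFILE_RE = re.compile(r"^exefile=(.+)$")                           # exefile=<command>
USERJS_RE = re.compile(r"^FF - user\.js:\s+(\S+)\s+-\s+(\S+)\s*$")   # FF - user.js: <pref> - <value>


@dataclass
class Findings:
    hosts_hijacks: List[Tuple[str, str]] = field(default_factory=list)  # (domain, ip)
    exefile_hijack: Optional[str] = None                                 # offending command
    weakened_prefs: List[Tuple[str, str]] = field(default_factory=list)  # (pref, value)

    def is_clean(self) -> bool:
        return not (self.hosts_hijacks or self.exefile_hijack or self.weakened_prefs)


def _is_loopback(addr: str) -> bool:
    """127.0.0.1 / ::1 entries are the normal way to *block* a host, not hijack it."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # not an IP literal at all; treat as suspicious


def triage(log_text: str) -> Findings:
    """Walk the log line by line and collect the three indicator types."""
    f = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, domain = m.groups()
            if domain.lower() in WATCHED_DOMAINS and not _is_loopback(ip):
                f.hosts_hijacks.append((domain.lower(), ip))
            continue
        m = EXEFILE_RE.match(line)
        if m:
            cmd = m.group(1).strip()
            if cmd != DEFAULT_EXEFILE:
                f.exefile_hijack = cmd
            continue
        m = USERJS_RE.match(line)
        if m:
            pref, value = m.groups()
            if WEAKENING_PREFS.get(pref) == value.lower():
                f.weakened_prefs.append((pref, value.lower()))
    return f


def report(f: Findings) -> List[str]:
    """One human-readable line per finding, for pasting back into a thread."""
    lines = [f"HOSTS HIJACK: {d} -> {ip} (expected DNS resolution)" for d, ip in f.hosts_hijacks]
    if f.exefile_hijack:
        lines.append(f"EXEFILE HIJACK: exefile={f.exefile_hijack} (default is {DEFAULT_EXEFILE})")
    lines += [f"WEAKENED PREF: {p} = {v}" for p, v in f.weakened_prefs]
    return lines or ["No redirect indicators found."]


# Constructed sample, assembled from lines quoted in this thread.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uStart Page = https://mail.google.com/mail/?shva=1#inbox
TCP: DhcpNameServer = 192.168.1.254
Hosts: 94.63.240.149 www.google.com
Hosts: 94.63.240.150 www.bing.com
Hosts: 127.0.0.1 localhost
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
=============== File Associations ===============
exefile="c:\documents and settings\networkservice\local settings\application data\pyb.exe" -a "%1" %*
"""

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

The loopback test is deliberate: a hosts entry such as `127.0.0.1 www.example.com` is how ad-blocking host lists work, so only non-loopback overrides of the watched domains are reported. Feed the script a real DDS log with `triage(open("dds.txt").read())`; the `exefile` check is the one that matters most for cleanup ordering, because as long as that association points at a third-party binary, every scanner you launch by double-click runs through it first.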


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Ok, here is the MBAM scan log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8093

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

11/5/2011 2:23:30 PM

mbam-log-2011-11-05 (14-23-30).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 377058

Time elapsed: 1 hour(s), 42 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

As for computer behavior, when I search the web the links no longer go to where they're supposed to go. It redirects to something called "yokosearch". In addition, AVG is informing me with a pop-up that Firefox is using a lot of memory (on the order of 350-650 MB) after I've been online for more than about 15 minutes. Other than these two things, computer performance seems normal. Please let me know how to proceed.


Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.

Also please describe how your computer behaves at the moment.


Apologies for delay, was away from computer for last 3 days on family emergency. Followed instructions step by step, here is the requested log report:

13:17:16.0521 2180 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51

13:17:16.0974 2180 ============================================================

13:17:16.0974 2180 Current date / time: 2011/11/09 13:17:16.0974

13:17:16.0974 2180 SystemInfo:

13:17:16.0974 2180

13:17:16.0974 2180 OS Version: 5.1.2600 ServicePack: 3.0

13:17:16.0974 2180 Product type: Workstation

13:17:16.0974 2180 ComputerName: SURLYDRUNK

13:17:16.0974 2180 UserName: Owner

13:17:16.0974 2180 Windows directory: C:\WINDOWS

13:17:16.0974 2180 System windows directory: C:\WINDOWS

13:17:16.0974 2180 Processor architecture: Intel x86

13:17:16.0974 2180 Number of processors: 1

13:17:16.0974 2180 Page size: 0x1000

13:17:16.0974 2180 Boot type: Normal boot

13:17:16.0974 2180 ============================================================

13:17:18.0678 2180 Initialize success

13:17:51.0709 3928 ============================================================

13:17:51.0709 3928 Scan started

13:17:51.0709 3928 Mode: Manual;

13:17:51.0709 3928 ============================================================

13:17:52.0131 3928 Abiosdsk - ok

13:17:52.0178 3928 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

13:17:52.0193 3928 abp480n5 - ok

13:17:52.0240 3928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:17:52.0240 3928 ACPI - ok

13:17:52.0271 3928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:17:52.0271 3928 ACPIEC - ok

13:17:52.0287 3928 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

13:17:52.0287 3928 adpu160m - ok

13:17:52.0318 3928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:17:52.0318 3928 aec - ok

13:17:52.0365 3928 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:17:52.0381 3928 AFD - ok

13:17:52.0521 3928 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:17:52.0537 3928 agp440 - ok

13:17:52.0537 3928 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

13:17:52.0537 3928 agpCPQ - ok

13:17:52.0584 3928 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

13:17:52.0584 3928 Aha154x - ok

13:17:52.0599 3928 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

13:17:52.0599 3928 aic78u2 - ok

13:17:52.0599 3928 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

13:17:52.0615 3928 aic78xx - ok

13:17:52.0740 3928 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

13:17:52.0787 3928 ALCXWDM - ok

13:17:52.0974 3928 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

13:17:52.0974 3928 AliIde - ok

13:17:52.0990 3928 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

13:17:53.0006 3928 alim1541 - ok

13:17:53.0068 3928 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys

13:17:53.0084 3928 Ambfilt - ok

13:17:53.0099 3928 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

13:17:53.0099 3928 amdagp - ok

13:17:53.0115 3928 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

13:17:53.0115 3928 amsint - ok

13:17:53.0162 3928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

13:17:53.0162 3928 Arp1394 - ok

13:17:53.0365 3928 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

13:17:53.0365 3928 asc - ok

13:17:53.0396 3928 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

13:17:53.0396 3928 asc3350p - ok

13:17:53.0428 3928 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

13:17:53.0428 3928 asc3550 - ok

13:17:53.0474 3928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:17:53.0474 3928 AsyncMac - ok

13:17:53.0490 3928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:17:53.0490 3928 atapi - ok

13:17:53.0490 3928 Atdisk - ok

13:17:53.0521 3928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:17:53.0521 3928 Atmarpc - ok

13:17:53.0553 3928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:17:53.0553 3928 audstub - ok

13:17:53.0615 3928 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

13:17:53.0615 3928 AVGIDSDriver - ok

13:17:53.0803 3928 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

13:17:53.0803 3928 AVGIDSEH - ok

13:17:53.0818 3928 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

13:17:53.0818 3928 AVGIDSFilter - ok

13:17:54.0006 3928 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

13:17:54.0021 3928 AVGIDSShim - ok

13:17:54.0053 3928 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

13:17:54.0053 3928 Avgldx86 - ok

13:17:54.0068 3928 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

13:17:54.0068 3928 Avgmfx86 - ok

13:17:54.0115 3928 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

13:17:54.0115 3928 Avgrkx86 - ok

13:17:54.0146 3928 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

13:17:54.0146 3928 Avgtdix - ok

13:17:54.0365 3928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:17:54.0396 3928 Beep - ok

13:17:54.0443 3928 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys

13:17:54.0459 3928 BIOS - ok

13:17:54.0474 3928 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

13:17:54.0474 3928 cbidf - ok

13:17:54.0584 3928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:17:54.0599 3928 cbidf2k - ok

13:17:54.0599 3928 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

13:17:54.0599 3928 cd20xrnt - ok

13:17:54.0631 3928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:17:54.0631 3928 Cdaudio - ok

13:17:54.0662 3928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:17:54.0662 3928 Cdfs - ok

13:17:54.0709 3928 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

13:17:54.0709 3928 Cdr4_xp - ok

13:17:54.0740 3928 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys

13:17:54.0740 3928 Cdralw2k - ok

13:17:54.0756 3928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:17:54.0756 3928 Cdrom - ok

13:17:54.0771 3928 Changer - ok

13:17:54.0787 3928 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

13:17:54.0787 3928 CmdIde - ok

13:17:54.0818 3928 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

13:17:54.0818 3928 Cpqarray - ok

13:17:54.0849 3928 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

13:17:54.0849 3928 dac2w2k - ok

13:17:54.0959 3928 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

13:17:54.0959 3928 dac960nt - ok

13:17:54.0974 3928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:17:54.0974 3928 Disk - ok

13:17:55.0037 3928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:17:55.0037 3928 dmboot - ok

13:17:55.0084 3928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

13:17:55.0084 3928 dmio - ok

13:17:55.0193 3928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:17:55.0193 3928 dmload - ok

13:17:55.0256 3928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:17:55.0256 3928 DMusic - ok

13:17:55.0271 3928 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

13:17:55.0271 3928 dpti2o - ok

13:17:55.0303 3928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:17:55.0349 3928 drmkaud - ok

13:17:55.0396 3928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:17:55.0396 3928 Fastfat - ok

13:17:55.0443 3928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:17:55.0443 3928 Fdc - ok

13:17:55.0459 3928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:17:55.0459 3928 Fips - ok

13:17:55.0474 3928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:17:55.0474 3928 Flpydisk - ok

13:17:55.0599 3928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:17:55.0599 3928 FltMgr - ok

13:17:55.0631 3928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:17:55.0631 3928 Fs_Rec - ok

13:17:55.0662 3928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:17:55.0662 3928 Ftdisk - ok

13:17:55.0724 3928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:17:55.0724 3928 Gpc - ok

13:17:55.0787 3928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

13:17:55.0787 3928 HDAudBus - ok

13:17:55.0803 3928 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:17:55.0803 3928 HidUsb - ok

13:17:55.0928 3928 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

13:17:55.0928 3928 hpn - ok

13:17:55.0974 3928 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

13:17:55.0974 3928 HPZid412 - ok

13:17:55.0990 3928 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

13:17:55.0990 3928 HPZipr12 - ok

13:17:56.0021 3928 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

13:17:56.0021 3928 HPZius12 - ok

13:17:56.0053 3928 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

13:17:56.0053 3928 HSFHWBS2 - ok

13:17:56.0099 3928 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

13:17:56.0115 3928 HSF_DPV - ok

13:17:56.0178 3928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:17:56.0178 3928 HTTP - ok

13:17:56.0224 3928 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

13:17:56.0224 3928 i2omgmt - ok

13:17:56.0349 3928 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

13:17:56.0349 3928 i2omp - ok

13:17:56.0396 3928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:17:56.0396 3928 i8042prt - ok

13:17:56.0490 3928 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS

13:17:56.0521 3928 iaStor - ok

13:17:56.0553 3928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:17:56.0553 3928 Imapi - ok

13:17:56.0599 3928 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

13:17:56.0599 3928 ini910u - ok

13:17:56.0912 3928 IntcAzAudAddService (27fea349f8043666f62b09729feb81ac) C:\WINDOWS\system32\drivers\RtkHDAud.sys

13:17:57.0099 3928 IntcAzAudAddService - ok

13:17:57.0303 3928 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:17:57.0303 3928 IntelIde - ok

13:17:57.0349 3928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys


13:18:05.0396 3928 ============================================================

13:18:05.0396 3928 Scan finished

13:18:05.0396 3928 ============================================================

13:18:05.0412 3080 Detected object count: 0

13:18:05.0412 3080 Actual detected object count: 0

I am still unable to use Google searches. Still being redirected to "yokosearch" off of results. As before, other than this the computer *seems* to be running normally. As ever, thank you.


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Here is the combofix log:

ComboFix 11-11-09.02 - Owner 11/09/2011 15:38:32.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1518 [GMT -8:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\LogMeInRemoteUser\WINDOWS

c:\documents and settings\Owner\WINDOWS

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\kb913800.exe

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\Update.bat

.

.

((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))

.

.

2011-11-09 20:14 . 2011-11-09 20:14 -------- d-----w- c:\windows\LastGood

2011-10-15 07:43 . 2011-11-05 19:39 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE

2011-10-15 00:17 . 2011-10-15 00:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Hiylg

2011-10-15 00:17 . 2011-10-15 00:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Akyrec

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-31 22:42 . 2011-04-02 02:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-10-23 20:22 . 2011-06-01 00:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 13:23 . 2010-12-08 11:12 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 13:21 . 2010-08-03 22:23 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-26 18:41 . 2010-01-16 18:07 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2008-07-30 03:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2010-01-16 18:07 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 13:30 . 2010-09-07 10:48 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12 . 2010-01-16 18:04 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2010-01-16 18:08 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-09-01 00:00 . 2011-03-30 01:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 21:32 . 2010-01-16 18:08 832512 ----a-w- c:\windows\system32\wininet.dll

2011-08-17 21:32 . 2010-01-16 18:05 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-08-17 21:32 . 2010-01-16 18:05 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-08-17 21:32 . 2010-01-16 18:04 17408 ------w- c:\windows\system32\corpol.dll

2011-08-17 13:49 . 2010-01-16 18:04 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-17 12:22 . 2010-01-16 18:05 389120 ----a-w- c:\windows\system32\html.iec

2011-08-12 20:51 . 2005-01-10 01:27 26488 ----a-w- c:\windows\system32\spupdsvc.exe

2011-10-03 04:26 . 2011-08-08 05:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-09-27 23:46 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-27 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]

"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]

"nwiz"="nwiz.exe" [2006-10-31 1622016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-27 218440]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Power2GoExpress"="NA" [X]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - c:\program files\BigFix\bigfix.exe [2010-1-16 2168360]

Event Reminder.lnk - c:\program files\PrintMaster Gold 18\Remind.exe [2007-9-9 344064]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2011-03-01 19:12 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"24726:TCP"= 24726:TCP:FlipShareServer

"24727:TCP"= 24727:TCP:FlipShareServer

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 2:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 3:12 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 12:19 PM 295248]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9/2/2010 6:56 AM 13696]

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [3/24/2010 5:36 PM 401920]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]

R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [1/16/2010 10:08 AM 14336]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 11:11 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 2:40 PM 12856]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/27/2011 3:46 PM 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 2:23 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 2:23 PM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 2:23 PM 16720]

R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [1/7/2011 5:38 PM 450944]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/2/2010 8:16 AM 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/2/2011 9:55 PM 947528]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 60695817

*Deregistered* - 60695817

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

.

.

------- Supplementary Scan -------

.

uStart Page = https://mail.google.com/mail/?shva=1#inbox

IE: E&xport to Microsoft Excel

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fa5dfxty.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baf234b50-c827-45e2-9dbb-1019124c7d84%7D&mid=3d032b4c4c8f47d680f7d129f5db4d8c-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-27%2016%3A46%3A26&sap=ku&q=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

------- File Associations -------

.

exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\pyb.exe" -a "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-09 15:42

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(972)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2011-11-09 15:43:58

ComboFix-quarantined-files.txt 2011-11-09 23:43

.

Pre-Run: 134,571,507,712 bytes free

Post-Run: 134,814,597,120 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - FCFB94DD115338A6484EA557C10B5FD3

At present computer seems to be working excellently. No redirect problems after multiple searches, and internet connection appears to be faster in general. Crossing my fingers here, thank you so much.

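A small triage script for the ComboFix log layout posted above, added here as an example (it is not part of the thread or of ComboFix): it flags the `exefile` association hijack shown under "File Associations", Firefox security warnings pinned off through user.js, and Run entries that launch from user-writable profile directories. The sample log is constructed from the line formats on the page, the `updater.exe` Run entry is constructed, and the function names are our own.

```python
"""Triage a ComboFix-style log for the findings this thread turned up.

Added example, not ComboFix's own code. Section headers, Run-key lines,
"FF - user.js" lines and the exefile association line follow the layout
visible in the posted log; SAMPLE_LOG itself is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout. The "updater" Run entry is
# invented to exercise the profile-directory check; the rest mirrors
# the kinds of lines that appear in the thread's log.
SAMPLE_LOG = r"""
(((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"updater"="c:\documents and settings\Owner\Local Settings\Application Data\updater.exe" [2011-10-15 90112]
------- Supplementary Scan -------
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
------- File Associations -------
exefile="c:\documents and settings\NetworkService\Local Settings\Application Data\pyb.exe" -a "%1" %*
"""

# A clean exefile "open" command runs the target directly with its arguments.
EXE_OK = '"%1" %*'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
FF_RE = re.compile(r'^FF - user\.js: (?P<pref>\S+) - (?P<val>\S+)$')
# Path fragments that mean "a location any user process can write to".
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    kind: str
    detail: str


def section_title(line):
    """Return the section name for a '((( Name )))' or '--- Name ---' header."""
    s = line.strip()
    if s.startswith("(((") or s.startswith("---"):
        return s.strip("()- ").strip()
    return None


def hijacked_binary(cmd):
    """First quoted token of an association command: the interposed loader."""
    m = re.match(r'"([^"]+)"', cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        title = section_title(line)
        if title is not None:
            section = title.lower()
            continue
        if not line:
            continue
        if section == "file associations" and line.lower().startswith("exefile="):
            cmd = line.split("=", 1)[1].strip()
            if cmd != EXE_OK:
                # Every .exe launch now passes through this binary first.
                findings.append(Finding("exefile-hijack",
                                        f"{hijacked_binary(cmd)} interposed on every .exe launch"))
        elif line.startswith("FF - user.js:"):
            m = FF_RE.match(line)
            # user.js re-applies its values at every start, so a warning
            # forced to false here stays off even if the user re-enables it.
            if m and m["pref"].startswith("security.warn_") and m["val"] == "false":
                findings.append(Finding("ff-warning-disabled", m["pref"]))
        elif section == "reg loading points":
            m = RUN_RE.match(line)
            if m and any(p in m["cmd"].lower() for p in USER_WRITABLE):
                findings.append(Finding("run-from-profile", f'{m["name"]}: {m["cmd"]}'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```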

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

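The Internet Explorer hardening steps in the post above can also be audited and enforced from the registry rather than clicked through in the Internet Options dialog. The script below is an added example and is not part of the original post or of any tool mentioned in it. It assumes the documented per-setting DWORD names under the Internet zone key (Zones\3): 1001 (Download signed ActiveX controls), 1004 (Download unsigned ActiveX controls), 1201 (Initialize and script ActiveX controls not marked as safe), 1800 (Installation of desktop items), 1804 (Launching programs and files in an IFRAME) and 1607 (Navigate sub-frames across different domains), with the encoding 0 = Enable, 1 = Prompt, 3 = Disable. The function and parameter names are my own.

```powershell
# Added example: audit (and optionally apply) the Internet-zone settings from the post.
# Run as the user whose browser you are checking; add -Fix to write the values.
param([switch]$Fix)

# Zone 3 is the "Internet" zone in the Internet Options Security tab (assumption: per-user key in use).
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Setting id -> description and the value the post asks for (0 = Enable, 1 = Prompt, 3 = Disable).
$Desired = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

function Get-IEZoneDrift {
    # Returns one row per setting; Drift is $true when the stored value differs from the
    # requested one. A missing value reads as $null and is reported as drift as well.
    param([string]$Key = $ZoneKey)
    $props = Get-ItemProperty -Path $Key
    foreach ($id in ($Desired.Keys | Sort-Object)) {
        $current = $props.$id
        [pscustomobject]@{
            Id      = $id
            Setting = $Desired[$id].Name
            Current = $current
            Wanted  = $Desired[$id].Want
            Drift   = ($current -ne $Desired[$id].Want)
        }
    }
}

function Set-IEZoneHardening {
    # Writes only the values that drift, as REG_DWORD, and returns what was changed.
    param([string]$Key = $ZoneKey)
    foreach ($row in (Get-IEZoneDrift -Key $Key | Where-Object { $_.Drift })) {
        Set-ItemProperty -Path $Key -Name $row.Id -Value $row.Wanted -Type DWord
        $row
    }
}

# Audit first; apply and re-audit only when -Fix was given.
Get-IEZoneDrift | Format-Table Id, Setting, Current, Wanted, Drift -AutoSize
if ($Fix) {
    Set-IEZoneHardening | ForEach-Object { "Set $($_.Id) ($($_.Setting)) from '$($_.Current)' to $($_.Wanted)" }
    Get-IEZoneDrift | Where-Object { $_.Drift } | Format-Table Id, Setting, Current, Wanted -AutoSize
}
```

One caveat: if the Security_HKLM_only value is set under HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings (or the equivalent Group Policy is applied), Internet Explorer reads zone settings from the HKLM Zones key instead of HKCU, so point $ZoneKey at the HKLM path in that case. Re-running the audit after a reboot is a cheap way to notice if something keeps resetting these values, which is one of the behaviours the original redirect problem could be expected to show.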
This topic is now closed to further replies.