Redirect Virus

MBfan2 · November 8, 2011

Hi - Have a redirect problem.

DDS files below - Thanks for your help !

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0

Run by Frank Catena at 13:24:58 on 2011-11-08

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.612 [GMT -5:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\Program Files\Generic\Network Printer Wizard\NPWService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Windows\sttray.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070312

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uWinlogon: Shell=c:\users\frank catena\appdata\local\12fa1b61\X

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Google Update] "c:\users\frank catena\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe

mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [MBBalloon] c:\program files\hotalbummybox\MBBalloon.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar

mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre7\bin\jusched.exe"

mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

LSP: mswsock.dll

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: turbotax.com

DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} - hxxps://ssl.verizonbusiness.com/nortel_cacheable/NetDirect.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E26935B5-BFB8-492B-97B5-3E2E8CC40305} : DhcpNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\frank catena\appdata\roaming\mozilla\firefox\profiles\ko4ujyl7.default\

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\users\frank catena\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\frank catena\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\frank catena\appdata\roaming\mozilla\firefox\profiles\ko4ujyl7.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\users\frank catena\appdata\roaming\mozilla\plugins\npatgpc.dll

FF - plugin: c:\users\frank catena\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\frank catena\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-8-24 15172]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2011-4-28 126024]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-3 43912]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-19 21504]

R2 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]

R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]

R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]

R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2009-1-15 462848]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-8-1 143624]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112712]

R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-3-12 5504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-3-12 30192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-8 41272]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-11-08 18:10:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-08 17:30:48 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{18f0baf7-8b57-4153-825e-631f5f702ccd}\offreg.dll

2011-11-08 16:44:09 -------- d-sh--w- c:\users\frank catena\appdata\local\12fa1b61

2011-11-08 13:21:34 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{18f0baf7-8b57-4153-825e-631f5f702ccd}\mpengine.dll

2011-10-18 13:03:40 -------- d-----w- c:\users\frank catena\Tracing

2011-10-18 13:02:51 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-10-18 13:02:51 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll

2011-10-18 13:01:56 -------- d-----w- c:\programdata\Applications

2011-10-13 00:31:43 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 00:31:43 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 00:31:43 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 00:31:42 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 00:31:40 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 00:31:33 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2011-10-13 00:31:22 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 00:31:21 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 00:31:21 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 00:31:21 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

==================== Find3M ====================

.

2011-11-08 17:03:13 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe

2011-11-08 16:55:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 13:26:41.66 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 3/12/2007 4:34:54 AM

System Uptime: 11/8/2011 1:14:52 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0WG860

Processor: Intel® Core2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 138.822 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6.404 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

Adobe Flash Player 11 Plugin

Adobe Reader 8.1.3

Adobe® Photoshop® Album Starter Edition 3.2

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

AOL Install

Apple Application Support

Apple Software Update

ASUS Wireless Router RT-N13U Manuals

BitPim 1.0.7

Canon MF Toolbox 4.9.1.1.mf04

Canon MF5700 Series

Conexant HDA D110 MDC V.92 Modem

Coupon Printer for Windows

Dell Support Center

Dell System Customization Wizard

DellSupport

Digital Line Detect

Documentation & Support Launcher

EarthLink Setup Files

ESET Online Scanner v3

Games, Music, & Photos Launcher

Google Desktop

Google SketchUp 8

Google Talk Plugin

Google Toolbar for Internet Explorer

HOT ALBUM MYBOX

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Matrix Storage Manager

Intel® Viiv Software

Internet Service Offers Launcher

IrfanView (remove only)

Japanese Fonts Support For Adobe Reader 8

Java Auto Updater

Java 7

Java SE Development Kit 7

Juniper Networks Host Checker

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

LG USB Modem driver

LizardTech DjVu Control

Logitech Harmony Remote Software 7

Logitech MouseWare 9.29 .3

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2572067)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Live Meeting 2007

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Modem Diagnostic Tool

Move Media Player

Mozilla Firefox 7.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetWaiting

Network Printer Wizard

OpenOffice.org 3.2

Oriens JPEG2000 Professional

Panda Cloud Antivirus

Panda Security URL Filtering

Picasa 3

QuickTime

Remote Control USB Driver

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

SigmaTel Audio

Sonic Activation Module

Spelling Dictionaries Support For Adobe Reader 8

TracPipe Specifier for Windows

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wnciper

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wnciper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnciper

TurboTax 2010 wrapper

TurboTax Home & Business 2007

Universal Document Converter

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

URL Assistant

User's Guides

WebEx

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

11/8/2011 12:05:36 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

11/8/2011 1:16:01 PM, Error: Service Control Manager [7005] - The LoadUserProfile call failed with the following error: Access is denied.

11/8/2011 1:15:21 PM, Error: EventLog [6008] - The previous system shutdown at 1:13:38 PM on 11/8/2011 was unexpected.

11/2/2011 8:11:19 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E26935B5-BFB8-492B-97B5-3E2E8CC40305} because another computer on the network has the same name. The server could not start.

11/2/2011 8:11:07 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001676BA9597 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/1/2011 11:35:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

11/1/2011 11:32:05 AM, Error: EventLog [6008] - The previous system shutdown at 11:30:17 AM on 11/1/2011 was unexpected.

.

==== End Of File ===========================

Wanted to add the last MW run from just before the above info. Did not fix the issue. Thanks ...

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8115

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/8/2011 12:41:36 PM

mbam-log-2011-11-08 (12-41-36).txt

Scan type: Quick scan

Objects scanned: 200057

Time elapsed: 8 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

LDTate · November 10, 2011

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
Consider what other private information could possibly have been taken from your computer and take appropriate steps

This infection can also disable access to the internet when it's been removed.

It will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

MBfan2 · November 10, 2011

Thanks - lets proceed. We use a different machine for secure banking - Let me see if we can get this machine back and I can reformat later.

LDTate · November 10, 2011

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Also please describe how your computer behaves at the moment.

MBfan2 · November 10, 2011

TDSSK log below. PC seems unchanged. Still redirects on search items to "coolsystems" etc.

Thanks again for your help ...

11:21:02.0508 5072 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26

11:21:02.0648 5072 ============================================================

11:21:02.0648 5072 Current date / time: 2011/11/10 11:21:02.0648

11:21:02.0648 5072 SystemInfo:

11:21:02.0648 5072

11:21:02.0648 5072 OS Version: 6.0.6002 ServicePack: 2.0

11:21:02.0648 5072 Product type: Workstation

11:21:02.0648 5072 ComputerName: FRANKCATENA-PC

11:21:02.0664 5072 UserName: Frank Catena

11:21:02.0664 5072 Windows directory: C:\Windows

11:21:02.0664 5072 System windows directory: C:\Windows

11:21:02.0664 5072 Processor architecture: Intel x86

11:21:02.0664 5072 Number of processors: 2

11:21:02.0664 5072 Page size: 0x1000

11:21:02.0664 5072 Boot type: Normal boot

11:21:02.0664 5072 ============================================================

11:21:03.0818 5072 Initialize success

11:21:13.0865 4224 ============================================================

11:21:13.0865 4224 Scan started

11:21:13.0865 4224 Mode: Manual;

11:21:13.0865 4224 ============================================================

11:21:14.0816 4224 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

11:21:14.0816 4224 ACPI - ok

11:21:14.0957 4224 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

11:21:14.0972 4224 adp94xx - ok

11:21:15.0004 4224 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

11:21:15.0004 4224 adpahci - ok

11:21:15.0050 4224 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

11:21:15.0066 4224 adpu160m - ok

11:21:15.0097 4224 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

11:21:15.0097 4224 adpu320 - ok

11:21:15.0160 4224 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

11:21:15.0175 4224 AFD - ok

11:21:15.0222 4224 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys

11:21:15.0222 4224 agp440 - ok

11:21:15.0238 4224 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

11:21:15.0253 4224 aic78xx - ok

11:21:15.0316 4224 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

11:21:15.0316 4224 aliide - ok

11:21:15.0347 4224 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys

11:21:15.0347 4224 amdagp - ok

11:21:15.0394 4224 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

11:21:15.0394 4224 amdide - ok

11:21:15.0440 4224 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

11:21:15.0440 4224 AmdK7 - ok

11:21:15.0472 4224 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

11:21:15.0487 4224 AmdK8 - ok

11:21:15.0534 4224 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

11:21:15.0534 4224 arc - ok

11:21:15.0581 4224 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

11:21:15.0581 4224 arcsas - ok

11:21:15.0706 4224 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

11:21:15.0706 4224 AsyncMac - ok

11:21:15.0737 4224 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys

11:21:15.0737 4224 atapi - ok

11:21:15.0893 4224 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

11:21:15.0893 4224 Beep - ok

11:21:15.0924 4224 blbdrive - ok

11:21:15.0971 4224 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

11:21:15.0971 4224 bowser - ok

11:21:16.0018 4224 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

11:21:16.0018 4224 BrFiltLo - ok

11:21:16.0049 4224 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

11:21:16.0049 4224 BrFiltUp - ok

11:21:16.0096 4224 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

11:21:16.0096 4224 Brserid - ok

11:21:16.0174 4224 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

11:21:16.0189 4224 BrSerWdm - ok

11:21:16.0220 4224 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

11:21:16.0220 4224 BrUsbMdm - ok

11:21:16.0236 4224 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

11:21:16.0236 4224 BrUsbSer - ok

11:21:16.0283 4224 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

11:21:16.0283 4224 BTHMODEM - ok

11:21:16.0486 4224 catchme - ok

11:21:16.0642 4224 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

11:21:16.0657 4224 cdfs - ok

11:21:16.0720 4224 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

11:21:16.0720 4224 cdrom - ok

11:21:16.0766 4224 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

11:21:16.0766 4224 circlass - ok

11:21:16.0829 4224 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

11:21:16.0844 4224 CLFS - ok

11:21:16.0922 4224 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

11:21:16.0922 4224 cmdide - ok

11:21:16.0985 4224 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

11:21:16.0985 4224 Compbatt - ok

11:21:17.0219 4224 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

11:21:17.0219 4224 crcdisk - ok

11:21:17.0266 4224 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

11:21:17.0266 4224 Crusoe - ok

11:21:17.0359 4224 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

11:21:17.0359 4224 DfsC - ok

11:21:17.0515 4224 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

11:21:17.0531 4224 disk - ok

11:21:17.0578 4224 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS

11:21:17.0578 4224 DLABMFSM - ok

11:21:17.0593 4224 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS

11:21:17.0593 4224 DLABOIOM - ok

11:21:17.0640 4224 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS

11:21:17.0640 4224 DLACDBHM - ok

11:21:17.0687 4224 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\Windows\system32\DLA\DLADResM.SYS

11:21:17.0702 4224 DLADResM - ok

11:21:17.0749 4224 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS

11:21:17.0749 4224 DLAIFS_M - ok

11:21:17.0780 4224 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS

11:21:17.0780 4224 DLAOPIOM - ok

11:21:17.0843 4224 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS

11:21:17.0843 4224 DLAPoolM - ok

11:21:17.0890 4224 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS

11:21:17.0890 4224 DLARTL_M - ok

11:21:17.0936 4224 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS

11:21:17.0936 4224 DLAUDFAM - ok

11:21:18.0014 4224 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS

11:21:18.0030 4224 DLAUDF_M - ok

11:21:18.0108 4224 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

11:21:18.0108 4224 drmkaud - ok

11:21:18.0155 4224 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS

11:21:18.0170 4224 DRVMCDB - ok

11:21:18.0217 4224 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS

11:21:18.0217 4224 DRVNDDM - ok

11:21:18.0280 4224 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

11:21:18.0280 4224 DSproct - ok

11:21:18.0295 4224 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys

11:21:18.0295 4224 dsunidrv - ok

11:21:18.0389 4224 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

11:21:18.0389 4224 DXGKrnl - ok

11:21:18.0451 4224 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

11:21:18.0451 4224 e1express - ok

11:21:18.0498 4224 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

11:21:18.0498 4224 E1G60 - ok

11:21:18.0545 4224 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

11:21:18.0545 4224 Ecache - ok

11:21:18.0576 4224 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

11:21:18.0592 4224 elxstor - ok

11:21:18.0638 4224 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

11:21:18.0638 4224 exfat - ok

11:21:18.0701 4224 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

11:21:18.0701 4224 fastfat - ok

11:21:18.0748 4224 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

11:21:18.0748 4224 fdc - ok

11:21:18.0794 4224 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

11:21:18.0794 4224 FileInfo - ok

11:21:18.0826 4224 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

11:21:18.0826 4224 Filetrace - ok

11:21:18.0888 4224 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

11:21:18.0888 4224 flpydisk - ok

11:21:18.0966 4224 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

11:21:18.0966 4224 FltMgr - ok

11:21:19.0044 4224 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

11:21:19.0044 4224 Fs_Rec - ok

11:21:19.0091 4224 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

11:21:19.0091 4224 gagp30kx - ok

11:21:19.0247 4224 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

11:21:19.0247 4224 HdAudAddService - ok

11:21:19.0356 4224 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:21:19.0372 4224 HDAudBus - ok

11:21:19.0434 4224 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

11:21:19.0434 4224 HidBth - ok

11:21:19.0450 4224 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

11:21:19.0465 4224 HidIr - ok

11:21:19.0512 4224 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

11:21:19.0512 4224 HidUsb - ok

11:21:19.0559 4224 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

11:21:19.0559 4224 HpCISSs - ok

11:21:19.0793 4224 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys

11:21:19.0824 4224 HSF_DPV - ok

11:21:19.0855 4224 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

11:21:19.0855 4224 HSXHWAZL - ok

11:21:19.0886 4224 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

11:21:19.0902 4224 HTTP - ok

11:21:19.0949 4224 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

11:21:19.0949 4224 i2omp - ok

11:21:20.0011 4224 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

11:21:20.0011 4224 i8042prt - ok

11:21:20.0276 4224 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\drivers\iastor.sys

11:21:20.0276 4224 iaStor - ok

11:21:20.0432 4224 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

11:21:20.0432 4224 iaStorV - ok

11:21:20.0620 4224 igfx (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys

11:21:20.0620 4224 igfx - ok

11:21:20.0791 4224 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

11:21:20.0791 4224 iirsp - ok

11:21:20.0885 4224 IntelDH (b7a420e4b137176234272d5ca9d51a49) C:\Windows\system32\Drivers\IntelDH.sys

11:21:20.0885 4224 IntelDH - ok

11:21:20.0963 4224 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys

11:21:20.0963 4224 intelide - ok

11:21:21.0010 4224 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

11:21:21.0010 4224 intelppm - ok

11:21:21.0228 4224 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:21:21.0228 4224 IpFilterDriver - ok

11:21:21.0275 4224 IpInIp - ok

11:21:21.0384 4224 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

11:21:21.0384 4224 IPMIDRV - ok

11:21:21.0446 4224 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

11:21:21.0446 4224 IPNAT - ok

11:21:21.0524 4224 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

11:21:21.0524 4224 IRENUM - ok

11:21:21.0571 4224 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys

11:21:21.0571 4224 isapnp - ok

11:21:21.0618 4224 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

11:21:21.0618 4224 iScsiPrt - ok

11:21:21.0680 4224 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

11:21:21.0680 4224 iteatapi - ok

11:21:21.0743 4224 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

11:21:21.0743 4224 iteraid - ok

11:21:21.0805 4224 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

11:21:21.0805 4224 kbdclass - ok

11:21:21.0852 4224 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

11:21:21.0868 4224 kbdhid - ok

11:21:21.0992 4224 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

11:21:22.0055 4224 KSecDD - ok

11:21:22.0102 4224 lbnojx - ok

11:21:22.0164 4224 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

11:21:22.0164 4224 lltdio - ok

11:21:22.0195 4224 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

11:21:22.0195 4224 LSI_FC - ok

11:21:22.0211 4224 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

11:21:22.0211 4224 LSI_SAS - ok

11:21:22.0414 4224 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

11:21:22.0414 4224 LSI_SCSI - ok

11:21:22.0460 4224 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

11:21:22.0460 4224 luafv - ok

11:21:22.0538 4224 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\Windows\system32\drivers\mbamswissarmy.sys

11:21:22.0554 4224 MBAMSwissArmy - ok

11:21:22.0632 4224 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

11:21:22.0632 4224 mdmxsdk - ok

11:21:22.0663 4224 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

11:21:22.0663 4224 megasas - ok

11:21:22.0710 4224 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

11:21:22.0710 4224 Modem - ok

11:21:22.0772 4224 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

11:21:22.0772 4224 monitor - ok

11:21:22.0804 4224 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

11:21:22.0835 4224 mouclass - ok

11:21:22.0850 4224 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

11:21:22.0850 4224 mouhid - ok

11:21:22.0866 4224 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

11:21:22.0882 4224 MountMgr - ok

11:21:22.0960 4224 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

11:21:22.0960 4224 mpio - ok

11:21:23.0022 4224 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

11:21:23.0022 4224 mpsdrv - ok

11:21:23.0069 4224 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

11:21:23.0069 4224 Mraid35x - ok

11:21:23.0116 4224 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

11:21:23.0116 4224 MRxDAV - ok

11:21:23.0162 4224 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:21:23.0162 4224 mrxsmb - ok

11:21:23.0194 4224 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:21:23.0209 4224 mrxsmb10 - ok

11:21:23.0225 4224 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:21:23.0225 4224 mrxsmb20 - ok

11:21:23.0256 4224 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys

11:21:23.0272 4224 msahci - ok

11:21:23.0287 4224 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

11:21:23.0287 4224 msdsm - ok

11:21:23.0318 4224 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

11:21:23.0318 4224 Msfs - ok

11:21:23.0365 4224 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

11:21:23.0365 4224 msisadrv - ok

11:21:23.0459 4224 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

11:21:23.0459 4224 MSKSSRV - ok

11:21:23.0506 4224 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

11:21:23.0506 4224 MSPCLOCK - ok

11:21:23.0552 4224 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

11:21:23.0552 4224 MSPQM - ok

11:21:23.0584 4224 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

11:21:23.0615 4224 MsRPC - ok

11:21:23.0708 4224 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

11:21:23.0708 4224 mssmbios - ok

11:21:23.0755 4224 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

11:21:23.0771 4224 MSTEE - ok

11:21:23.0786 4224 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

11:21:23.0786 4224 Mup - ok

11:21:23.0864 4224 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

11:21:23.0864 4224 NativeWifiP - ok

11:21:23.0911 4224 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

11:21:23.0911 4224 NDIS - ok

11:21:23.0974 4224 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

11:21:24.0005 4224 NdisTapi - ok

11:21:24.0052 4224 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

11:21:24.0052 4224 Ndisuio - ok

11:21:24.0161 4224 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

11:21:24.0176 4224 NdisWan - ok

11:21:24.0223 4224 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

11:21:24.0223 4224 NDProxy - ok

11:21:24.0254 4224 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

11:21:24.0254 4224 NetBIOS - ok

11:21:24.0395 4224 netbt (99b52b701dcd36c429eec813187bae36) C:\Windows\system32\DRIVERS\netbt.sys

11:21:24.0395 4224 netbt ( Rootkit.Win32.ZAccess.g ) - infected

11:21:24.0395 4224 netbt - detected Rootkit.Win32.ZAccess.g (0)

11:21:24.0457 4224 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

11:21:24.0457 4224 nfrd960 - ok

11:21:24.0566 4224 nmsgopro (acc8d7fc0da793450f5f257d9ce4ff75) C:\Windows\system32\DRIVERS\nmsgopro.sys

11:21:24.0566 4224 nmsgopro - ok

11:21:24.0598 4224 nmsunidr (64fa28c15dd71a80bef3527e1ef07df6) C:\Windows\system32\DRIVERS\nmsunidr.sys

11:21:24.0598 4224 nmsunidr - ok

11:21:24.0629 4224 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

11:21:24.0629 4224 Npfs - ok

11:21:24.0676 4224 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

11:21:24.0676 4224 nsiproxy - ok

11:21:24.0738 4224 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

11:21:24.0785 4224 Ntfs - ok

11:21:24.0800 4224 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

11:21:24.0800 4224 ntrigdigi - ok

11:21:24.0832 4224 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

11:21:24.0847 4224 Null - ok

11:21:24.0894 4224 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

11:21:24.0894 4224 nvraid - ok

11:21:24.0941 4224 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

11:21:24.0941 4224 nvstor - ok

11:21:25.0050 4224 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

11:21:25.0050 4224 nv_agp - ok

11:21:25.0081 4224 NwlnkFlt - ok

11:21:25.0112 4224 NwlnkFwd - ok

11:21:25.0159 4224 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

11:21:25.0159 4224 ohci1394 - ok

11:21:25.0190 4224 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

11:21:25.0190 4224 Parport - ok

11:21:25.0237 4224 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

11:21:25.0237 4224 partmgr - ok

11:21:25.0284 4224 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

11:21:25.0284 4224 Parvdm - ok

11:21:25.0362 4224 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

11:21:25.0378 4224 pci - ok

11:21:25.0456 4224 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys

11:21:25.0456 4224 pciide - ok

11:21:25.0549 4224 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

11:21:25.0565 4224 pcmcia - ok

11:21:25.0752 4224 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

11:21:25.0814 4224 PEAUTH - ok

11:21:25.0924 4224 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

11:21:25.0924 4224 PptpMiniport - ok

11:21:26.0017 4224 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

11:21:26.0017 4224 Processor - ok

11:21:26.0080 4224 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

11:21:26.0080 4224 PSched - ok

11:21:26.0220 4224 PSINAflt (18b347125d597751b69ce8c6c03a4ba2) C:\Windows\system32\DRIVERS\PSINAflt.sys

11:21:26.0251 4224 PSINAflt - ok

11:21:26.0298 4224 PSINFile (072a5c1983b85504239c307d41d741be) C:\Windows\system32\DRIVERS\PSINFile.sys

11:21:26.0298 4224 PSINFile - ok

11:21:26.0345 4224 PSINKNC (f778579e0b47f0027cce47da1a64ef88) C:\Windows\system32\DRIVERS\psinknc.sys

11:21:26.0345 4224 PSINKNC - ok

11:21:26.0392 4224 PSINProc (0fb3436762e672800eb1c0578ac379c8) C:\Windows\system32\DRIVERS\PSINProc.sys

11:21:26.0392 4224 PSINProc - ok

11:21:26.0423 4224 PSINProt (7534273ca15900cdd1c3b392dd6b595b) C:\Windows\system32\DRIVERS\PSINProt.sys

11:21:26.0438 4224 PSINProt - ok

11:21:26.0485 4224 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

11:21:26.0485 4224 PxHelp20 - ok

11:21:26.0548 4224 PzWDM (36cf3653d367cbc72a38625543f3d4d1) C:\Windows\system32\Drivers\PzWDM.sys

11:21:26.0548 4224 PzWDM - ok

11:21:26.0719 4224 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

11:21:26.0750 4224 ql2300 - ok

11:21:26.0922 4224 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

11:21:26.0922 4224 ql40xx - ok

11:21:27.0094 4224 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

11:21:27.0094 4224 QWAVEdrv - ok

11:21:27.0343 4224 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

11:21:27.0390 4224 R300 - ok

11:21:27.0499 4224 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

11:21:27.0499 4224 RasAcd - ok

11:21:27.0546 4224 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:21:27.0546 4224 Rasl2tp - ok

11:21:27.0577 4224 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

11:21:27.0577 4224 RasPppoe - ok

11:21:27.0624 4224 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

11:21:27.0624 4224 RasSstp - ok

11:21:27.0655 4224 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

11:21:27.0655 4224 rdbss - ok

11:21:27.0733 4224 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:21:27.0733 4224 RDPCDD - ok

11:21:27.0796 4224 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys

11:21:27.0796 4224 rdpdr - ok

11:21:27.0842 4224 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

11:21:27.0842 4224 RDPENCDD - ok

11:21:27.0889 4224 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

11:21:27.0889 4224 RDPWD - ok

11:21:27.0952 4224 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

11:21:27.0952 4224 rspndr - ok

11:21:27.0983 4224 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

11:21:27.0983 4224 sbp2port - ok

11:21:28.0030 4224 SDDMI2 - ok

11:21:28.0061 4224 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

11:21:28.0061 4224 secdrv - ok

11:21:28.0076 4224 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

11:21:28.0076 4224 Serenum - ok

11:21:28.0123 4224 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

11:21:28.0123 4224 Serial - ok

11:21:28.0154 4224 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

11:21:28.0154 4224 sermouse - ok

11:21:28.0201 4224 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

11:21:28.0201 4224 sffdisk - ok

11:21:28.0264 4224 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

11:21:28.0264 4224 sffp_mmc - ok

11:21:28.0279 4224 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

11:21:28.0279 4224 sffp_sd - ok

11:21:28.0310 4224 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

11:21:28.0310 4224 sfloppy - ok

11:21:28.0529 4224 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

11:21:28.0529 4224 sisagp - ok

11:21:28.0622 4224 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

11:21:28.0622 4224 SiSRaid2 - ok

11:21:28.0669 4224 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

11:21:28.0669 4224 SiSRaid4 - ok

11:21:28.0716 4224 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

11:21:28.0716 4224 Smb - ok

11:21:28.0747 4224 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

11:21:28.0747 4224 spldr - ok

11:21:28.0825 4224 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

11:21:28.0825 4224 srv - ok

11:21:28.0872 4224 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

11:21:28.0888 4224 srv2 - ok

11:21:28.0919 4224 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

11:21:28.0919 4224 srvnet - ok

11:21:28.0966 4224 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys

11:21:28.0997 4224 STHDA - ok

11:21:29.0044 4224 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

11:21:29.0044 4224 swenum - ok

11:21:29.0090 4224 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

11:21:29.0090 4224 Symc8xx - ok

11:21:29.0122 4224 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

11:21:29.0122 4224 Sym_hi - ok

11:21:29.0168 4224 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

11:21:29.0168 4224 Sym_u3 - ok

11:21:29.0309 4224 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

11:21:29.0356 4224 Tcpip - ok

11:21:29.0496 4224 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

11:21:29.0496 4224 Tcpip6 - ok

11:21:29.0621 4224 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

11:21:29.0621 4224 tcpipreg - ok

11:21:29.0652 4224 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

11:21:29.0652 4224 TDPIPE - ok

11:21:29.0730 4224 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

11:21:29.0730 4224 TDTCP - ok

11:21:29.0777 4224 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

11:21:29.0777 4224 tdx - ok

11:21:29.0824 4224 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

11:21:29.0824 4224 TermDD - ok

11:21:29.0948 4224 TSHWMDTCP (3f6dc449398b21c213dcdd18f460df72) C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys

11:21:29.0964 4224 TSHWMDTCP - ok

11:21:30.0073 4224 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:21:30.0073 4224 tssecsrv - ok

11:21:30.0120 4224 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

11:21:30.0136 4224 tunmp - ok

11:21:30.0167 4224 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

11:21:30.0167 4224 tunnel - ok

11:21:30.0229 4224 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

11:21:30.0229 4224 uagp35 - ok

11:21:30.0292 4224 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

11:21:30.0307 4224 udfs - ok

11:21:30.0541 4224 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

11:21:30.0541 4224 uliagpkx - ok

11:21:30.0604 4224 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

11:21:30.0619 4224 uliahci - ok

11:21:30.0666 4224 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

11:21:30.0666 4224 UlSata - ok

11:21:30.0806 4224 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

11:21:30.0806 4224 ulsata2 - ok

11:21:30.0838 4224 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

11:21:30.0838 4224 umbus - ok

11:21:30.0884 4224 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys

11:21:30.0884 4224 usbbus - ok

11:21:30.0931 4224 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

11:21:30.0947 4224 usbccgp - ok

11:21:30.0978 4224 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

11:21:30.0978 4224 usbcir - ok

11:21:31.0040 4224 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys

11:21:31.0040 4224 UsbDiag - ok

11:21:31.0150 4224 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

11:21:31.0150 4224 usbehci - ok

11:21:31.0181 4224 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

11:21:31.0181 4224 usbhub - ok

11:21:31.0212 4224 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys

11:21:31.0212 4224 USBModem - ok

11:21:31.0259 4224 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

11:21:31.0259 4224 usbohci - ok

11:21:31.0306 4224 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

11:21:31.0321 4224 usbprint - ok

11:21:31.0352 4224 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

11:21:31.0352 4224 usbscan - ok

11:21:31.0384 4224 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:21:31.0384 4224 USBSTOR - ok

11:21:31.0430 4224 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

11:21:31.0446 4224 usbuhci - ok

11:21:31.0493 4224 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

11:21:31.0493 4224 vga - ok

11:21:31.0524 4224 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

11:21:31.0524 4224 VgaSave - ok

11:21:31.0571 4224 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys

11:21:31.0571 4224 viaagp - ok

11:21:31.0633 4224 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

11:21:31.0633 4224 ViaC7 - ok

11:21:31.0680 4224 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys

11:21:31.0680 4224 viaide - ok

11:21:31.0727 4224 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

11:21:31.0742 4224 volmgr - ok

11:21:31.0774 4224 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

11:21:31.0789 4224 volmgrx - ok

11:21:31.0836 4224 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

11:21:31.0852 4224 volsnap - ok

11:21:31.0883 4224 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

11:21:31.0883 4224 vsmraid - ok

11:21:31.0930 4224 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

11:21:31.0945 4224 WacomPen - ok

11:21:31.0976 4224 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

11:21:31.0976 4224 Wanarp - ok

11:21:31.0992 4224 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

11:21:31.0992 4224 Wanarpv6 - ok

11:21:32.0008 4224 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

11:21:32.0008 4224 Wd - ok

11:21:32.0054 4224 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

11:21:32.0070 4224 Wdf01000 - ok

11:21:32.0335 4224 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

11:21:32.0351 4224 winachsf - ok

11:21:32.0507 4224 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

11:21:32.0507 4224 WmiAcpi - ok

11:21:32.0554 4224 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

11:21:32.0569 4224 WpdUsb - ok

11:21:32.0616 4224 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

11:21:32.0616 4224 ws2ifsl - ok

11:21:32.0663 4224 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:21:32.0663 4224 WUDFRd - ok

11:21:32.0694 4224 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

11:21:32.0694 4224 XAudio - ok

11:21:32.0741 4224 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

11:21:32.0756 4224 \Device\Harddisk0\DR0 - ok

11:21:32.0772 4224 Boot (0x1200) (c91a89ad6d781c51898a11818323f073) \Device\Harddisk0\DR0\Partition0

11:21:32.0772 4224 \Device\Harddisk0\DR0\Partition0 - ok

11:21:32.0772 4224 Boot (0x1200) (fa0216b005036c9d0192877771dcaef2) \Device\Harddisk0\DR0\Partition1

11:21:32.0772 4224 \Device\Harddisk0\DR0\Partition1 - ok

11:21:32.0772 4224 ============================================================

11:21:32.0772 4224 Scan finished

11:21:32.0772 4224 ============================================================

11:21:32.0788 0712 Detected object count: 1

11:21:32.0788 0712 Actual detected object count: 1

11:21:46.0344 0712 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813

11:21:51.0274 0712 Backup copy found, using it..

11:21:51.0305 0712 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot

11:21:51.0305 0712 netbt ( Rootkit.Win32.ZAccess.g ) - User select action: Cure

11:22:02.0022 5328 Deinitialize success

LDTate · November 10, 2011

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

MBfan2 · November 10, 2011

Machine did reboot, log below ... same behavior with search redirects. Thanks ...

ComboFix 11-08-03.03 - Frank Catena 08/04/2011 8:02.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1183 [GMT -4:00]

Running from: c:\users\Frank Catena\Desktop\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_72731489

.

((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))

.

2011-08-04 12:09 . 2011-08-04 12:09 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-08-04 12:09 . 2011-08-04 12:09 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2011-08-04 12:09 . 2011-08-04 12:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-02 12:21 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA7F00FB-844F-4EDC-89FE-8A758BE3FCEC}\mpengine.dll

2011-07-27 14:24 . 2011-07-27 14:24 -------- d-----w- c:\users\Frank Catena\AppData\Roaming\Panda Security

2011-07-27 14:23 . 2011-07-27 14:23 -------- d-----w- c:\users\Frank Catena\AppData\Local\panda2_0dn

2011-07-27 14:23 . 2011-08-04 11:57 -------- d-----w- c:\programdata\Panda Security URL Filtering

2011-07-27 14:22 . 2011-07-27 14:22 -------- d-----w- c:\programdata\Panda Security

2011-07-27 14:22 . 2011-08-03 11:52 -------- d-----w- c:\program files\Panda Security

2011-07-23 16:06 . 2011-07-26 12:16 0 ----a-w- c:\users\Frank Catena\AppData\Local\Blonohofafahi.bin

2011-07-21 01:12 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys

2011-07-13 12:38 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-07-13 12:38 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 12:38 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-07-05 16:12 . 2011-07-05 16:12 143624 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-27 17:00 . 2010-05-18 14:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-06 23:52 . 2011-03-04 19:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2011-03-04 19:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-22 13:00 . 2011-05-26 12:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-24 23:14 . 2010-03-18 12:28 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-06-22 12:57 . 2011-03-28 14:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2010-07-31 17:55 . 2009-11-16 22:12 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2011-04-14 18:01 . 2010-07-05 21:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-05-17 17:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-09 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-09 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-09 81920]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]

"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-31 30192]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-05-17 231592]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-3-12 50688]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-31 30192]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-08-25 15172]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-04-28 126024]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-08-03 43912]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]

S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]

S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]

S2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [2009-01-15 462848]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2011-07-05 143624]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 99400]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 111176]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-04-28 112712]

S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-03-12 5504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2627265198-3619167298-3848510191-1001Core.job

- c:\users\Frank Catena\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 01:40]

.

2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2627265198-3619167298-3848510191-1001UA.job

- c:\users\Frank Catena\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-18 01:40]

.

2011-08-03 c:\windows\Tasks\User_Feed_Synchronization-{B68EAEE2-B409-448E-8067-96E6B3FF8C8D}.job

- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070312

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.1.1

DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} - hxxps://ssl.verizonbusiness.com/nortel_cacheable/NetDirect.cab

FF - ProfilePath - c:\users\Frank Catena\AppData\Roaming\Mozilla\Firefox\Profiles\ko4ujyl7.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=

FF - user.js: yahoo.homepage.dontask - true

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-04 08:09

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3704)

c:\programdata\Panda Security URL Filtering\panda_url_filtering.dll

.

Completion time: 2011-08-04 08:11:44

ComboFix-quarantined-files.txt 2011-08-04 12:11

ComboFix2.txt 2011-08-03 12:21

ComboFix3.txt 2011-08-02 13:26

.

Pre-Run: 150,529,662,976 bytes free

Post-Run: 150,504,095,744 bytes free

.

- - End Of File - - 3578B4C2D8D74097F0DD0AE0C733BDDE

MBfan2 · November 10, 2011

Sorry - my bad - above report from August - not this run. Report from this attempt not found? Should I run CF again? I did see it go through Stage1, Stage2, etc... Thanks

LDTate · November 10, 2011

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\users\Frank Catena\AppData\Local\Blonohofafahi.bin


Folder::
c:\program files\Ask.com

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Also let me know if you have a Router

MBfan2 · November 10, 2011

Combofix reran and created this log . Search behavior appears to have returned to normal. PC is connected to a router.

Wow, its looking better ... thanks !

ComboFix 11-11-10.02 - Frank Catena 11/10/2011 14:31:07.6.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.903 [GMT -5:00]

Running from: c:\users\Frank Catena\Desktop\ComboFix.exe

Command switches used :: c:\users\Frank Catena\Desktop\CFScript.txt

AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Frank Catena\AppData\Local\Blonohofafahi.bin"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Ask.com

c:\program files\Ask.com\btn_search.png

c:\program files\Ask.com\limewire_logo.png

c:\users\Frank Catena\AppData\Local\12fa1b61\U

c:\users\Frank Catena\AppData\Local\12fa1b61\U\80000000.@

c:\users\Frank Catena\AppData\Local\12fa1b61\U\800000cb.@

c:\users\Frank Catena\AppData\Local\12fa1b61\U\800000cf.@

c:\users\Frank Catena\AppData\Local\12fa1b61\X

c:\users\Frank Catena\AppData\Local\Blonohofafahi.bin

c:\windows\$NtUninstallKB63076$

c:\windows\$NtUninstallKB63076$\318380897\@

c:\windows\$NtUninstallKB63076$\318380897\L\qnbwvoto

c:\windows\$NtUninstallKB63076$\318380897\loader.tlb

c:\windows\$NtUninstallKB63076$\318380897\U\@00000001

c:\windows\$NtUninstallKB63076$\318380897\U\@000000c0

c:\windows\$NtUninstallKB63076$\318380897\U\@000000cb

c:\windows\$NtUninstallKB63076$\318380897\U\@000000cf

c:\windows\$NtUninstallKB63076$\318380897\U\@80000000

c:\windows\$NtUninstallKB63076$\318380897\U\@800000c0

c:\windows\$NtUninstallKB63076$\318380897\U\@800000cb

c:\windows\$NtUninstallKB63076$\318380897\U\@800000cf

c:\windows\$NtUninstallKB63076$\485490152

c:\windows\system32\

c:\windows\system32\c_41702.nl_

c:\windows\system32\c_41702.nls

c:\windows\system32\drivers\

.

Infected copy of c:\program files\Intel\IntelDH\CCU\AlertService.exe was found and disinfected

Restored copy from - c:\program files\Intel\IntelDH\CCU\

.

c:\windows\system32\atashost.exe . . . is infected!!

c:\windows\system32\atashost.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Intuit\Update Service\

.

Infected copy of c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe was found and disinfected

Restored copy from - c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\

.

Infected copy of c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe was found and disinfected

Restored copy from - c:\program files\Intel\IntelDH\Intel Media Server\Shells\

.

Infected copy of c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe was found and disinfected

Restored copy from - c:\program files\Panda Security\Panda Cloud Antivirus\

.

Infected copy of c:\program files\Generic\Network Printer Wizard\NPWService.exe was found and disinfected

Restored copy from - c:\program files\Generic\Network Printer Wizard\

.

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe . . . is infected!!

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe . . . was deleted!! You should re-install the program it pertains to

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_12fa1b61

.

((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))

.

2011-11-10 19:46 . 2011-11-10 19:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18F0BAF7-8B57-4153-825E-631F5F702CCD}\offreg.dll

2011-11-10 19:44 . 2011-11-10 19:44 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2011-11-10 19:44 . 2011-11-10 19:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-09 23:27 . 2011-11-09 23:27 -------- d-----w- C:\0b2388dc2a2e85d4600c5cf6

2011-11-09 13:46 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-11-09 13:46 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 13:46 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-11-09 13:46 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll

2011-11-08 18:10 . 2011-11-10 16:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-08 16:44 . 2011-11-10 19:41 -------- d-sh--w- c:\users\Frank Catena\AppData\Local\12fa1b61

2011-11-08 13:21 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18F0BAF7-8B57-4153-825E-631F5F702CCD}\mpengine.dll

2011-10-18 13:03 . 2011-10-18 13:12 -------- d-----w- c:\users\Frank Catena\Tracing

2011-10-18 13:02 . 2011-05-12 21:32 82696 ----a-w- c:\windows\system32\lmdimon8.dll

2011-10-18 13:02 . 2011-05-12 21:32 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll

2011-10-18 13:01 . 2011-10-18 13:01 -------- d-----w- c:\programdata\Applications

2011-10-13 00:31 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 00:31 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 00:31 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 00:31 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 00:31 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 00:31 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-10-13 00:31 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 00:31 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 00:31 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-10 21:24 . 2009-10-20 18:56 35328 ----a-w- c:\windows\system32\drivers\npfs.sys

2011-11-10 16:22 . 2009-10-20 18:56 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-11-08 17:03 . 2007-03-12 16:30 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe

2011-11-08 16:55 . 2011-05-26 12:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00 . 2011-03-04 19:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-10 13:45 . 2011-03-28 14:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll