Google redirect


Google redirect

Post by bluebird on Fri 14 Jan 2011, 5:02 am

Recently I had bankerfox.a, which I managed to almost completely eliminate with Malwarebytes.
There is still the problem of a browser redirect. I manually tried renewing and flushing the DNS; however, it only worked briefly. I have OTL on the desktop and tried attaching a .txt scan file to this post, but it came back as invalid. I also have Combo on hand, but obviously need direction. I am able (though inconsistently and patiently) to get an intended site through FF or Chrome.
Java is updated. Your help is appreciated.

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Fri 14 Jan 2011, 12:19 pm

Can you post the OTL logs? If not, please upload them both to [You must be registered and logged in to see this link.] and post the share URL.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Google redirect

Post by bluebird on Fri 14 Jan 2011, 1:17 pm

OTL:
[You must be registered and logged in to see this link.]
OTL extra:
[You must be registered and logged in to see this link.]


Last edited by bluebird on Fri 14 Jan 2011, 11:59 pm; edited 2 times in total

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by bluebird on Fri 14 Jan 2011, 2:02 pm

[You must be registered and logged in to see this link.]

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Sat 15 Jan 2011, 11:33 am

I see you already have MBAM installed on the system.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.



Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Google redirect

Post by bluebird on Sat 15 Jan 2011, 12:36 pm

Sorry for the delay, but I need to transfer the files to another pc since I can't access the internet reliably. Malwarebytes is updated and the files are posted:
[You must be registered and logged in to see this link.]

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by bluebird on Sat 15 Jan 2011, 1:39 pm

scan:
[You must be registered and logged in to see this link.]

removal:
[You must be registered and logged in to see this link.]

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Sun 16 Jan 2011, 12:41 pm

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Google redirect

Post by bluebird on Sun 16 Jan 2011, 4:24 pm

Before I run Combo-Fix do I need to use the quarantine tab on MBAM to "permanently delete threats"?
It lists 34 items that it holds as "found and removed". Also, is it necessary to suspend MBAM in some way?

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Mon 17 Jan 2011, 12:05 pm

You can delete the stuff in quarantine if you want; they are just dead backups.

Unless you have the paid-for version of MBAM, it's fine to leave it open while running Combofix.



Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Google redirect

Post by bluebird on Mon 17 Jan 2011, 12:43 pm

Problem... before I signed on to GP, I had Combo on the desktop. Is there an option to remove it and put the changed-name .exe in its place?

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Tue 18 Jan 2011, 12:06 pm

Just delete it and re-download it.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Google redirect

Post by bluebird on Tue 18 Jan 2011, 12:42 pm

Combo-Fix isn't installing due to (cyclic redundancy) so... apparently it hasn't been deleted. I did "delete" the original from the desktop to the recycle bin and dumped the bin. Also, I'm working through another PC and transferring via CDs, as I cannot get any other site but Infomash with the affected PC. I disabled its internet connection a couple of days ago, as well as disabling the AV (McAfee and ThreatFire).

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Wed 19 Jan 2011, 12:59 pm

Hello.

Download MBRCheck to your desktop.

  • Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.

Next,

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool.
  • Click the Start Scan button.
  • After the scan has finished, click the Close button.
  • Click the Report button and copy/paste the contents of it into your next reply.
    Note: It will also create a log in the C:\ directory.

Please post both logs.



Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: Google redirect

Post by bluebird on Wed 19 Jan 2011, 2:17 pm

Third time's the charm...TDSSKiller log follows:
2009/11/18 22:27:57.0067 TPPWR (dc5c49a5f38d377f7c9a99a5b0c4d1a0) C:\WINDOWS\system32\drivers\Tppwr.sys
2009/11/18 22:27:57.0227 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2009/11/18 22:27:57.0367 TwoTrack (17687545f77a648af7f9f1064eb61191) C:\WINDOWS\system32\DRIVERS\TwoTrack.sys
2009/11/18 22:27:57.0527 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2009/11/18 22:27:57.0687 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
2009/11/18 22:27:57.0848 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2009/11/18 22:27:58.0048 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2009/11/18 22:27:58.0178 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2009/11/18 22:27:58.0308 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2009/11/18 22:27:58.0449 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2009/11/18 22:27:58.0609 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2009/11/18 22:27:58.0689 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2009/11/18 22:27:58.0839 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2009/11/18 22:27:58.0979 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2009/11/18 22:27:59.0119 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys
2009/11/18 22:27:59.0270 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys
2009/11/18 22:27:59.0420 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2009/11/18 22:27:59.0800 w29n51 (7a4a198462fe786ee3ce80721a16f5a9) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2009/11/18 22:28:00.0161 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2009/11/18 22:28:00.0361 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2009/11/18 22:28:00.0562 winachsf (542a5f528a6cfebb4487b09538596d78) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2009/11/18 22:28:00.0892 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2009/11/18 22:28:00.0982 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2009/11/18 22:28:01.0152 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2009/11/18 22:28:01.0513 ================================================================================
2009/11/18 22:28:01.0513 Scan finished
2009/11/18 22:28:01.0513 ================================================================================


The MBRCheck log follows:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 162):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8AC3000 \WINDOWS\system32\KDCOM.DLL
0xF89D3000 \WINDOWS\system32\BOOTVID.dll
0xF8583000 fltmgr.sys
0xF8555000 ACPI.sys
0xF8AC5000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8544000 pci.sys
0xF85C3000 isapnp.sys
0xF89D7000 compbatt.sys
0xF89DB000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8B8B000 pciide.sys
0xF8843000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8526000 pcmcia.sys
0xF85D3000 MountMgr.sys
0xF8507000 ftdisk.sys
0xF89DF000 ACPIEC.sys
0xF8B8C000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF884B000 PartMgr.sys
0xF85E3000 Shockprf.sys
0xF85F3000 VolSnap.sys
0xF84EF000 atapi.sys
0xF8603000 disk.sys
0xF8613000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF84DD000 sr.sys
0xF84A5000 PCTCore.sys
0xF8623000 PxHelp20.sys
0xF8490000 drvmcdb.sys
0xF847F000 TfFsMon.sys
0xF846E000 TfSysMon.sys
0xF8457000 KSecDD.sys
0xF83CA000 Ntfs.sys
0xF839D000 NDIS.sys
0xF8382000 Mup.sys
0xF87F3000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7B8D000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF7B79000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF892B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7B56000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8933000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF782A000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7806000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8803000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF893B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77C3000 \SystemRoot\System32\DRIVERS\SynTP.sys
0xF8AF5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8943000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF894B000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8813000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8349000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8953000 \SystemRoot\System32\DRIVERS\nscirda.sys
0xF8345000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF833D000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8339000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
0xF8823000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8AF7000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF8833000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8653000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF778C000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8335000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7756000 \SystemRoot\system32\drivers\smwdm.sys
0xF7732000 \SystemRoot\system32\drivers\portcls.sys
0xF8663000 \SystemRoot\system32\drivers\drmk.sys
0xF7712000 \SystemRoot\system32\drivers\aeaudio.sys
0xF76E1000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF75E2000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF753C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF895B000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8D03000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8963000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF896B000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF8673000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8329000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7525000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8683000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8693000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7514000 \SystemRoot\System32\DRIVERS\psched.sys
0xF86A3000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF897B000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8983000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF74E3000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF86B3000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8AFF000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF73E7000 \SystemRoot\System32\DRIVERS\update.sys
0xF7C4E000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF86C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF86F3000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8B0F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B17000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C14000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B19000 \SystemRoot\System32\Drivers\Beep.SYS
0xF89CB000 \SystemRoot\system32\drivers\ssrtln.sys
0xF8863000 \SystemRoot\System32\drivers\vga.sys
0xF8B1B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B1D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF886B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8873000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8A97000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEF057000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEEFFF000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEEFEC000 \SystemRoot\System32\Drivers\MpFirewall.sys
0xEEFAB000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xEEF83000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF8A9B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEEF61000 \SystemRoot\System32\drivers\afd.sys
0xF8723000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF887B000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xF8883000 \SystemRoot\System32\drivers\Tppwr.sys
0xF8A9F000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
0xF888B000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xF8893000 \SystemRoot\System32\drivers\Smapint.sys
0xF8B23000 \SystemRoot\System32\Drivers\ShockMgr.SYS
0xEEF16000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEEE7F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8C46000 \SystemRoot\System32\drivers\IBMBLDID.SYS
0xF8753000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8763000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8ABF000 \SystemRoot\System32\drivers\ANC.SYS
0xF8743000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE50A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B7B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEEF02000 \SystemRoot\System32\drivers\Dxapi.sys
0xF891B000 \SystemRoot\System32\watchdog.sys
0xBF9C2000 \SystemRoot\System32\drivers\dxg.sys
0xF8BB4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E2000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D4000 \SystemRoot\System32\ialmrnt5.dll
0xBFA00000 \SystemRoot\System32\ialmdev5.DLL
0xBFA25000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8793000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8BDD000 \SystemRoot\system32\dla\tfsndres.sys
0xEE47C000 \SystemRoot\system32\dla\tfsnifs.sys
0xEEEFA000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8AE5000 \SystemRoot\system32\dla\tfsnpool.sys
0xF89A3000 \SystemRoot\system32\dla\tfsnboio.sys
0xF87B3000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C5F000 \SystemRoot\system32\dla\tfsndrct.sys
0xEE463000 \SystemRoot\system32\dla\tfsnudf.sys
0xEE44A000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEE4A2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEE3BC000 \SystemRoot\System32\DRIVERS\irda.sys
0xEE49E000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEE412000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEE0AF000 \SystemRoot\system32\drivers\wdmaud.sys
0xEEE1C000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDE75000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8B01000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xEEDDC000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xEDD83000 \SystemRoot\System32\DRIVERS\srv.sys
0xEDBD7000 \SystemRoot\system32\drivers\naiavf5x.sys
0xEDBFB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF8B61000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
0xED8FF000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEDD53000 \??\C:\WINDOWS\system32\drivers\TfNetMon.sys
0xED646000 \SystemRoot\System32\Drivers\HTTP.sys
0xED9A3000 \SystemRoot\System32\DRIVERS\asyncmac.sys
0xF889B000 \??\C:\DOCUME~1\Robbin\LOCALS~1\Temp\mbr.sys
0xECCDE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
864 C:\WINDOWS\system32\csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\ibmpmsvc.exe
1144 C:\WINDOWS\system32\svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1252 C:\WINDOWS\system32\svchost.exe
1320 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1436 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1508 C:\WINDOWS\system32\svchost.exe
1640 C:\WINDOWS\system32\svchost.exe
1844 C:\WINDOWS\explorer.exe
296 C:\WINDOWS\system32\spoolsv.exe
200 C:\Program Files\Bonjour\mDNSResponder.exe
392 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
516 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
628 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
696 C:\Program Files\McAfee.com\Agent\Mcdetect.exe
740 C:\PROGRA~1\McAfee.com\VSO\McShield.exe
140 C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
1560 C:\Program Files\McAfee.com\VSO\oasclnt.exe
1676 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
1828 C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
1924 C:\WINDOWS\system32\HPZipm12.exe
2032 C:\WINDOWS\system32\QCONSVC.EXE
2168 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2232 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2276 C:\WINDOWS\system32\svchost.exe
2300 C:\Program Files\ThreatFire\TFService.exe
2372 C:\WINDOWS\system32\TpKmpSvc.exe
3088 C:\WINDOWS\system32\alg.exe
3328 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3396 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3496 C:\WINDOWS\system32\igfxtray.exe
3640 C:\WINDOWS\system32\hkcmd.exe
3844 C:\WINDOWS\system32\TpShocks.exe
3884 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
1468 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
1864 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
2480 C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
2492 C:\WINDOWS\system32\dla\tfswctrl.exe
2588 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
2192 C:\IBMTOOLS\utils\ibmprc.exe
2728 C:\WINDOWS\system32\rundll32.exe
2472 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
2184 C:\Program Files\IBM\Updater\jre\bin\javaw.exe
3024 C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
3284 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
2684 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
456 C:\Program Files\Winamp\winampa.exe
856 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
1636 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2L1.EXE
3168 C:\Program Files\Carbonite\CarbonitePreinstaller.exe
3740 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
1696 C:\Program Files\ThreatFire\TFTray.exe
3324 C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
440 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3908 C:\Program Files\Digital Line Detect\DLG.exe
3004 C:\Program Files\palmOne\Hotsync.exe
1052 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
3612 C:\Program Files\WinZip\WZQKPICK.EXE
4064 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2992 C:\WINDOWS\system32\wuauclt.exe
1724 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
368 C:\Documents and Settings\Robbin\Desktop\MBRCheck(2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS424030M9AT00, Rev: MAAIA75A

Size Device Name MBR Status
--------------------------------------------
27 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 44EDC2AF0E03306DDAE5703769799E7ADABCDD5E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Thu 20 Jan 2011, 12:55 pm

Re-run MBRCheck.exe


  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter.
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key.
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Then press Enter again, and the program will exit.
  • Save it to your desktop, then attach the resulting output in your next reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
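For readers working through the MBRCheck log posted above and the dump procedure in this post, here is an added example (not part of this thread, and not code from MBRCheck or its author): a small Python triage helper that parses the text MBRCheck prints, pulls out each disk's MBR status and the SHA1 of its boot code, and lists kernel drivers loaded from user-writable locations. The sample log is an abridged copy of the log in the thread; the function names, the "MBR code detected" phrase used to recognise a stock Windows MBR, and the user-writable path list are assumptions.

```python
import re

# Constructed sample: an abridged copy of the MBRCheck log posted in this thread.
SAMPLE_LOG = r"""MBRCheck, version 1.2.3
(c) 2010, AD

Kernel Drivers (total 162):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF889B000 \??\C:\DOCUME~1\Robbin\LOCALS~1\Temp\mbr.sys
0xECCDE000 \SystemRoot\system32\drivers\kmixer.sys

Processes (total 69):
0 System Idle Process
368 C:\Documents and Settings\Robbin\Desktop\MBRCheck(2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS424030M9AT00, Rev: MAAIA75A

Size Device Name MBR Status
--------------------------------------------
27 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 44EDC2AF0E03306DDAE5703769799E7ADABCDD5E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
"""

DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(\S.*)$")          # "0xF889B000 <path>"
DISK_RE = re.compile(r"^(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")
# Assumption: MBRCheck describes boot code it recognises with "... MBR code detected";
# any other status (such as "Unknown MBR code") is treated as needing review.
KNOWN_GOOD_RE = re.compile(r"MBR code detected", re.I)
# Assumption: locations a standard user can write to. A kernel driver loaded from
# one of these deserves a second look, whatever its file name says.
USER_WRITABLE_RE = re.compile(r"\\(Temp|DOCUME~1|Documents and Settings|Users)\\", re.I)
INFECTED_BANNER = "Found non-standard or infected MBR."


def parse_mbrcheck(text):
    """Extract disks (MBR status + SHA1), loaded kernel driver paths and the verdict banner."""
    disks, drivers = [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(m.group(1))
            continue
        m = DISK_RE.match(line)
        if m:
            current = {"size": m.group(1), "device": m.group(2),
                       "status": m.group(3).strip(), "sha1": None}
            disks.append(current)
            continue
        m = SHA1_RE.match(line)
        if m and current is not None:
            current["sha1"] = m.group(1).upper()   # the SHA1 line follows its disk's table row
    return {"disks": disks, "drivers": drivers,
            "infected_banner": INFECTED_BANNER in text}


def triage(report):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for d in report["disks"]:
        if not KNOWN_GOOD_RE.search(d["status"]):
            findings.append(f"{d['device']}: MBR status '{d['status']}' "
                            f"(SHA1 {d['sha1']}) is not recognised boot code; "
                            "compare the dumped sector with a known-good MBR")
    for path in report["drivers"]:
        if USER_WRITABLE_RE.search(path):
            findings.append(f"kernel driver loaded from a user-writable path: {path}")
    if report["infected_banner"] and not findings:
        findings.append("MBRCheck reported a non-standard MBR but no disk row was parsed")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_mbrcheck(SAMPLE_LOG)):
        print(finding)
```

A flagged driver path is a prompt for review, not a verdict: a diagnostic tool run from the desktop or Temp loads its driver from exactly such a location, so the finding is there to make the analyst look, and the SHA1 plus the dumped sector (dump.dat from the steps above) is what to compare against a clean MBR.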

Re: Google redirect

Post by bluebird on Thu 20 Jan 2011, 3:41 pm

I somehow managed to screw that up...as it doesn't follow the prompts you're indicating. I re-ran it a couple of times, but after entering
...exit: Y
...choice: 1
...exit>: .
there's no further prompt only
"Done! Press ENTER to exit..."

The file follows:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 162):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xF8AC3000 \WINDOWS\system32\KDCOM.DLL
0xF89D3000 \WINDOWS\system32\BOOTVID.dll
0xF8583000 fltmgr.sys
0xF8555000 ACPI.sys
0xF8AC5000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8544000 pci.sys
0xF85C3000 isapnp.sys
0xF89D7000 compbatt.sys
0xF89DB000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8B8B000 pciide.sys
0xF8843000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8526000 pcmcia.sys
0xF85D3000 MountMgr.sys
0xF8507000 ftdisk.sys
0xF89DF000 ACPIEC.sys
0xF8B8C000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF884B000 PartMgr.sys
0xF85E3000 Shockprf.sys
0xF85F3000 VolSnap.sys
0xF84EF000 atapi.sys
0xF8603000 disk.sys
0xF8613000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF84DD000 sr.sys
0xF84A5000 PCTCore.sys
0xF8623000 PxHelp20.sys
0xF8490000 drvmcdb.sys
0xF847F000 TfFsMon.sys
0xF846E000 TfSysMon.sys
0xF8457000 KSecDD.sys
0xF83CA000 Ntfs.sys
0xF839D000 NDIS.sys
0xF8382000 Mup.sys
0xF87F3000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7B8D000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
0xF7B79000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF892B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7B56000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8933000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF782A000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7806000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8803000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF893B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77C3000 \SystemRoot\System32\DRIVERS\SynTP.sys
0xF8AF5000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8943000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF894B000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8813000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8349000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8953000 \SystemRoot\System32\DRIVERS\nscirda.sys
0xF8345000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF833D000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8339000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
0xF8823000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8AF7000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF8833000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8653000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF778C000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8335000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7756000 \SystemRoot\system32\drivers\smwdm.sys
0xF7732000 \SystemRoot\system32\drivers\portcls.sys
0xF8663000 \SystemRoot\system32\drivers\drmk.sys
0xF7712000 \SystemRoot\system32\drivers\aeaudio.sys
0xF76E1000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF75E2000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF753C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF895B000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8D03000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8963000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF896B000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF8673000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8329000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7525000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8683000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8693000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7514000 \SystemRoot\System32\DRIVERS\psched.sys
0xF86A3000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF897B000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8983000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF74E3000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF86B3000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8AFF000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF73E7000 \SystemRoot\System32\DRIVERS\update.sys
0xF7C4E000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF86C3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF86F3000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8B0F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B17000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C14000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B19000 \SystemRoot\System32\Drivers\Beep.SYS
0xF89CB000 \SystemRoot\system32\drivers\ssrtln.sys
0xF8863000 \SystemRoot\System32\drivers\vga.sys
0xF8B1B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B1D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF886B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8873000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8A97000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEF057000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEEFFF000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEEFEC000 \SystemRoot\System32\Drivers\MpFirewall.sys
0xEEFAB000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xEEF83000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF8A9B000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEEF61000 \SystemRoot\System32\drivers\afd.sys
0xF8723000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF887B000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xF8883000 \SystemRoot\System32\drivers\Tppwr.sys
0xF8A9F000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
0xF888B000 \SystemRoot\System32\drivers\TDSMAPI.SYS
0xF8893000 \SystemRoot\System32\drivers\Smapint.sys
0xF8B23000 \SystemRoot\System32\Drivers\ShockMgr.SYS
0xEEF16000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEEE7F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8C46000 \SystemRoot\System32\drivers\IBMBLDID.SYS
0xF8753000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8763000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8ABF000 \SystemRoot\System32\drivers\ANC.SYS
0xF8743000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE50A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8B7B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEEF02000 \SystemRoot\System32\drivers\Dxapi.sys
0xF891B000 \SystemRoot\System32\watchdog.sys
0xBF9C2000 \SystemRoot\System32\drivers\dxg.sys
0xF8BB4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9E2000 \SystemRoot\System32\ialmdnt5.dll
0xBF9D4000 \SystemRoot\System32\ialmrnt5.dll
0xBFA00000 \SystemRoot\System32\ialmdev5.DLL
0xBFA25000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8793000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8BDD000 \SystemRoot\system32\dla\tfsndres.sys
0xEE47C000 \SystemRoot\system32\dla\tfsnifs.sys
0xEEEFA000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8AE5000 \SystemRoot\system32\dla\tfsnpool.sys
0xF89A3000 \SystemRoot\system32\dla\tfsnboio.sys
0xF87B3000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C5F000 \SystemRoot\system32\dla\tfsndrct.sys
0xEE463000 \SystemRoot\system32\dla\tfsnudf.sys
0xEE44A000 \SystemRoot\system32\dla\tfsnudfa.sys
0xEE4A2000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEE3BC000 \SystemRoot\System32\DRIVERS\irda.sys
0xEE49E000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEE412000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEE0AF000 \SystemRoot\system32\drivers\wdmaud.sys
0xEEE1C000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDE75000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8B01000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xEEDDC000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
0xEDD83000 \SystemRoot\System32\DRIVERS\srv.sys
0xEDBD7000 \SystemRoot\system32\drivers\naiavf5x.sys
0xEDBFB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF8B61000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
0xED8FF000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xEDD53000 \??\C:\WINDOWS\system32\drivers\TfNetMon.sys
0xED646000 \SystemRoot\System32\Drivers\HTTP.sys
0xED9A3000 \SystemRoot\System32\DRIVERS\asyncmac.sys
0xF889B000 \??\C:\DOCUME~1\Robbin\LOCALS~1\Temp\mbr.sys
0xECCDE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 69):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
864 C:\WINDOWS\system32\csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
944 C:\WINDOWS\system32\services.exe
956 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\ibmpmsvc.exe
1144 C:\WINDOWS\system32\svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1252 C:\WINDOWS\system32\svchost.exe
1320 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1436 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1508 C:\WINDOWS\system32\svchost.exe
1640 C:\WINDOWS\system32\svchost.exe
1844 C:\WINDOWS\explorer.exe
296 C:\WINDOWS\system32\spoolsv.exe
200 C:\Program Files\Bonjour\mDNSResponder.exe
392 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
516 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
628 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
696 C:\Program Files\McAfee.com\Agent\Mcdetect.exe
740 C:\PROGRA~1\McAfee.com\VSO\McShield.exe
140 C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
1560 C:\Program Files\McAfee.com\VSO\oasclnt.exe
1676 C:\Program Files\McAfee.com\VSO\mcvsshld.exe
1828 C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
1924 C:\WINDOWS\system32\HPZipm12.exe
2032 C:\WINDOWS\system32\QCONSVC.EXE
2168 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2232 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2276 C:\WINDOWS\system32\svchost.exe
2300 C:\Program Files\ThreatFire\TFService.exe
2372 C:\WINDOWS\system32\TpKmpSvc.exe
3088 C:\WINDOWS\system32\alg.exe
3328 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3396 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3496 C:\WINDOWS\system32\igfxtray.exe
3640 C:\WINDOWS\system32\hkcmd.exe
3844 C:\WINDOWS\system32\TpShocks.exe
3884 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
1468 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
1864 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
2480 C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
2492 C:\WINDOWS\system32\dla\tfswctrl.exe
2588 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
2192 C:\IBMTOOLS\utils\ibmprc.exe
2728 C:\WINDOWS\system32\rundll32.exe
2472 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
2184 C:\Program Files\IBM\Updater\jre\bin\javaw.exe
3024 C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
3284 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
2684 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
456 C:\Program Files\Winamp\winampa.exe
856 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
1636 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2L1.EXE
3168 C:\Program Files\Carbonite\CarbonitePreinstaller.exe
3740 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
1696 C:\Program Files\ThreatFire\TFTray.exe
3324 C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
440 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3908 C:\Program Files\Digital Line Detect\DLG.exe
3004 C:\Program Files\palmOne\Hotsync.exe
1052 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
3612 C:\Program Files\WinZip\WZQKPICK.EXE
4064 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2992 C:\WINDOWS\system32\wuauclt.exe
1724 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
368 C:\Documents and Settings\Robbin\Desktop\MBRCheck(2).exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS424030M9AT00, Rev: MAAIA75A

Size Device Name MBR Status
--------------------------------------------
27 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 44EDC2AF0E03306DDAE5703769799E7ADABCDD5E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Fri 21 Jan 2011, 12:33 pm

Hello.
Did you follow my instructions? If so, it should have made a dump.dat file. Please zip that file and attach it in your next post.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Google redirect

Post by bluebird on Fri 21 Jan 2011, 12:42 pm

I tried repeating it several times, but it doesn't get me to a prompt where I can type "dump.dat". Whatever "Done!" means is the only answer I get.

I admittedly have no idea what this refers to, but after the : at

"Enter the physical disk number to dump <0-99, -1 to exit:"

when I enter . it just returns--- "Done!"

Is there something else I can enter at that point???
----------------------------
BTW why does ComboFix (or CommyFix or Combo-Fix) begin to run---as I've tried it again--- then open with a window heading
C:\32788R22FWJFW\License\iexplore.exe ??

------------------------------

One additional question:

If I upgrade the OS to Windows 7 would it eliminate the remnants of the virus??

bluebird

Newbie Surfer

Posts : 11
Joined : 2011-01-13
Operating System : xp professional v.2002 sp2

Re: Google redirect

Post by Belahzur on Sat 22 Jan 2011, 11:51 am

More than likely yes, as that would be installing another OS.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
