Help With Google Redirect Problem [Closed] [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

Help With Google Redirect Problem [Closed] [Solved]

Options

PA Jeeper View Member Profile	Aug 18 2009, 06:22 PM Post #1
New Member Posts: 9 OS: WinXP	A family friend caught some nasty malware on their PC, below is the HijackThis log. Google's search is useless as it just goes to a page cannot be displayed or sometimes redirects you to coupon mountain for example. They at first tried to go back with a system restore which did not work. Then they tried their macafee antivirus, malware bytes and even spybot search and destroy which nothing worked either. Thanks for taking your time to help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:04:27 PM, on 8/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 64.86.17.32 google.ae O1 - Hosts: 64.86.17.32 google.as O1 - Hosts: 64.86.17.32 google.at O1 - Hosts: 64.86.17.32 google.az O1 - Hosts: 64.86.17.32 google.ba O1 - Hosts: 64.86.17.32 google.be O1 - Hosts: 64.86.17.32 google.bg O1 - Hosts: 64.86.17.32 google.bs O1 - Hosts: 64.86.17.32 google.ca O1 - Hosts: 64.86.17.32 google.cd O1 - Hosts: 64.86.17.32 google.com.gh O1 - Hosts: 64.86.17.32 google.com.hk O1 - Hosts: 64.86.17.32 google.com.jm O1 - Hosts: 64.86.17.32 google.com.mx O1 - Hosts: 64.86.17.32 google.com.my O1 - Hosts: 64.86.17.32 google.com.na O1 - Hosts: 64.86.17.32 google.com.nf O1 - Hosts: 64.86.17.32 google.com.ng O1 - Hosts: 64.86.17.32 google.ch O1 - Hosts: 64.86.17.32 google.com.np O1 - Hosts: 64.86.17.32 google.com.pr O1 - Hosts: 64.86.17.32 google.com.qa O1 - Hosts: 64.86.17.32 google.com.sg O1 - Hosts: 64.86.17.32 google.com.tj O1 - Hosts: 64.86.17.32 google.com.tw O1 - Hosts: 64.86.17.32 google.dj O1 - Hosts: 64.86.17.32 google.de O1 - Hosts: 64.86.17.32 google.dk O1 - Hosts: 64.86.17.32 google.dm O1 - Hosts: 64.86.17.32 google.ee O1 - Hosts: 64.86.17.32 google.fi O1 - Hosts: 64.86.17.32 google.fm O1 - Hosts: 64.86.17.32 google.fr O1 - Hosts: 64.86.17.32 google.ge O1 - Hosts: 64.86.17.32 google.gg O1 - Hosts: 64.86.17.32 google.gm O1 - Hosts: 64.86.17.32 google.gr O1 - Hosts: 64.86.17.32 google.ht O1 - Hosts: 64.86.17.32 google.ie O1 - Hosts: 64.86.17.32 google.im O1 - Hosts: 64.86.17.32 google.in O1 - Hosts: 64.86.17.32 google.it O1 - Hosts: 64.86.17.32 google.ki O1 - Hosts: 64.86.17.32 google.la O1 - Hosts: 64.86.17.32 google.li O1 - Hosts: 64.86.17.32 google.lv O1 - Hosts: 64.86.17.32 google.ma O1 - Hosts: 64.86.17.32 google.ms O1 - Hosts: 64.86.17.32 google.mu O1 - Hosts: 64.86.17.32 google.mw O1 - Hosts: 64.86.17.32 google.nl O1 - Hosts: 64.86.17.32 google.no O1 - Hosts: 64.86.17.32 google.nr O1 - Hosts: 64.86.17.32 google.nu O1 - Hosts: 64.86.17.32 google.pl O1 - Hosts: 64.86.17.32 google.pn O1 - Hosts: 64.86.17.32 google.pt O1 - Hosts: 64.86.17.32 google.ro O1 - Hosts: 64.86.17.32 google.ru O1 - Hosts: 64.86.17.32 google.rw O1 - Hosts: 64.86.17.32 google.sc O1 - Hosts: 64.86.17.32 google.se O1 - Hosts: 64.86.17.32 google.sh O1 - Hosts: 64.86.17.32 google.si O1 - Hosts: 64.86.17.32 google.sm O1 - Hosts: 64.86.17.32 google.sn O1 - Hosts: 64.86.17.32 google.st O1 - Hosts: 64.86.17.32 google.tl O1 - Hosts: 64.86.17.32 google.tm O1 - Hosts: 64.86.17.32 google.tt O1 - Hosts: 64.86.17.32 google.us O1 - Hosts: 64.86.17.32 google.vu O1 - Hosts: 64.86.17.32 google.ws O1 - Hosts: 64.86.17.32 google.co.ck O1 - Hosts: 64.86.17.32 google.co.id O1 - Hosts: 64.86.17.32 google.co.il O1 - Hosts: 64.86.17.32 google.co.in O1 - Hosts: 64.86.17.32 google.co.jp O1 - Hosts: 64.86.17.32 google.co.kr O1 - Hosts: 64.86.17.32 google.co.ls O1 - Hosts: 64.86.17.32 google.co.ma O1 - Hosts: 64.86.17.32 google.co.nz O1 - Hosts: 64.86.17.32 google.co.tz O1 - Hosts: 64.86.17.32 google.co.ug O1 - Hosts: 64.86.17.32 google.co.uk O1 - Hosts: 64.86.17.32 google.co.za O1 - Hosts: 64.86.17.32 google.co.zm O1 - Hosts: 64.86.17.32 google.com O1 - Hosts: 64.86.17.32 google.com.af O1 - Hosts: 64.86.17.32 google.com.ag O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~4.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; yie8)" -"http://www.freeplaynow.com/online-games/play/1308/kol-off-road.html" O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://co.schuylkill.pa.us/_applets/smsx.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 14176 bytes

handhfan View Member Profile	Aug 18 2009, 08:59 PM Post #2
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Hello, PA Jeeper, and welcome to GeeksToGo! Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: CODE :dir C:\WINDOWS\system32\drivers\etc Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt

PA Jeeper View Member Profile	Aug 20 2009, 02:34 PM Post #3
New Member Posts: 9 OS: WinXP	SystemLook v1.0 by jpshortstuff (22.05.09) Log created at 16:18 on 20/08/2009 by Administrator (Administrator - Elevation successful) ========== dir ========== C:\WINDOWS\system32\drivers - Parameters: "(none)" ---Files--- 1394bus.sys --a--- 53376 bytes [06:10 04/08/2004] [18:46 13/04/2008] ABP480N5.SYS --a--- 23552 bytes [09:45 21/06/2006] [03:52 18/08/2001] acpi.sys --a--- 187776 bytes [06:07 04/08/2004] [18:36 13/04/2008] acpiec.sys --a--- 11648 bytes [20:57 17/08/2001] [19:00 10/08/2004] adpu160m.sys --a--- 101888 bytes [09:38 21/06/2006] [04:07 18/08/2001] adv01nt5.dll ------ 4255 bytes [23:03 22/08/2008] [00:11 14/04/2008] adv02nt5.dll ------ 3967 bytes [23:03 22/08/2008] [00:11 14/04/2008] adv05nt5.dll ------ 3615 bytes [23:03 22/08/2008] [00:11 14/04/2008] adv07nt5.dll ------ 3647 bytes [23:03 22/08/2008] [00:11 14/04/2008] adv08nt5.dll ------ 3135 bytes [23:03 22/08/2008] [00:11 14/04/2008] adv09nt5.dll ------ 3711 bytes [23:03 22/08/2008] [00:11 14/04/2008] adv11nt5.dll ------ 3775 bytes [23:03 22/08/2008] [00:11 14/04/2008] aec.sys --a--- 142592 bytes [08:06 21/06/2006] [16:39 13/04/2008] afd.sys --a--- 138496 bytes [09:23 17/06/2006] [10:04 14/08/2008] agp440.sys --a--- 42368 bytes [09:33 21/06/2006] [18:36 13/04/2008] agpcpq.sys --a--- 44928 bytes [09:35 21/06/2006] [18:36 13/04/2008] aha154x.sys --a--- 12800 bytes [09:37 21/06/2006] [03:52 18/08/2001] aic78u2.sys --a--- 55168 bytes [09:38 21/06/2006] [04:07 18/08/2001] aic78xx.sys --a--- 56960 bytes [09:39 21/06/2006] [04:07 18/08/2001] aliide.sys --a--- 5248 bytes [09:46 21/06/2006] [03:51 18/08/2001] alim1541.sys --a--- 42752 bytes [09:32 21/06/2006] [18:36 13/04/2008] amdagp.sys --a--- 43008 bytes [09:32 21/06/2006] [18:36 13/04/2008] amdk6.sys --a--- 37376 bytes [05:59 04/08/2004] [18:31 13/04/2008] amdk7.sys --a--- 37760 bytes [05:59 04/08/2004] [18:31 13/04/2008] amsint.sys --a--- 12032 bytes [09:45 21/06/2006] [03:52 18/08/2001] arp1394.sys --a--- 60800 bytes [05:58 04/08/2004] [18:51 13/04/2008] asc.sys --a--- 26496 bytes [09:44 21/06/2006] [03:52 18/08/2001] asc3350p.sys --a--- 22400 bytes [09:45 21/06/2006] [03:52 18/08/2001] asc3550.sys --a--- 14848 bytes [09:44 21/06/2006] [03:51 18/08/2001] asyncmac.sys --a--- 14336 bytes [09:23 17/06/2006] [18:57 13/04/2008] atapi.sys --a--- 96512 bytes [05:59 04/08/2004] [18:40 13/04/2008] ati1btxx.sys ------ 56623 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1mdxx.sys ------ 11615 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1pdxx.sys ------ 12047 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1raxx.sys ------ 30671 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1rvxx.sys ------ 63663 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1snxx.sys ------ 26367 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1ttxx.sys ------ 21343 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1tuxx.sys ------ 36463 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1xbxx.sys ------ 29455 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati1xsxx.sys ------ 34735 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati2erec.dll --a--- 49152 bytes [02:37 19/09/2006] [01:15 09/05/2007] ati2mtaa.sys ------ 327040 bytes [23:03 22/08/2008] [02:29 04/08/2004] ati2mtag.sys --a--- 2164736 bytes [02:37 19/09/2006] [01:58 09/05/2007] AtiHdAud.sys --a--- 84992 bytes [16:44 28/12/2006] [16:44 28/12/2006] AtiHdmi.sys --a--- 84992 bytes [23:40 20/07/2007] [23:40 20/07/2007] atinbtxx.sys ------ 57856 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinmdxx.sys ------ 13824 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinpdxx.sys ------ 14336 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinraxx.sys ------ 52224 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinrvxx.sys ------ 104960 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinsnxx.sys ------ 28672 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinttxx.sys ------ 13824 bytes [23:03 22/08/2008] [02:29 04/08/2004] atintuxx.sys ------ 73216 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinxbxx.sys ------ 31744 bytes [23:03 22/08/2008] [02:29 04/08/2004] atinxsxx.sys ------ 63488 bytes [23:03 22/08/2008] [02:29 04/08/2004] ativcaxx.cpa --a--- 1311202 bytes [02:37 19/09/2006] [12:19 18/04/2007] ativcaxx.vp --a--- 929 bytes [02:37 19/09/2006] [12:19 18/04/2007] ativckxx.vp --a--- 2096 bytes [02:37 19/09/2006] [21:26 23/08/2006] ativdkxx.vp --a--- 2096 bytes [12:19 18/04/2007] [12:19 18/04/2007] ativmc20.cod ------ 64352 bytes [23:03 22/08/2008] [15:36 17/07/2004] ativvpxx.vp --a--- 43104 bytes [02:37 19/09/2006] [03:28 09/05/2007] atmarpc.sys --a--- 59904 bytes [09:23 17/06/2006] [18:51 13/04/2008] atmepvc.sys --a--- 31360 bytes [09:23 17/06/2006] [19:00 10/08/2004] atmlane.sys --a--- 55808 bytes [09:23 17/06/2006] [18:51 13/04/2008] atmuni.sys --a--- 352256 bytes [09:23 17/06/2006] [19:00 10/08/2004] atv01nt5.dll ------ 21183 bytes [23:03 22/08/2008] [00:11 14/04/2008] atv02nt5.dll ------ 11359 bytes [23:03 22/08/2008] [00:11 14/04/2008] atv04nt5.dll ------ 25471 bytes [23:03 22/08/2008] [00:11 14/04/2008] atv06nt5.dll ------ 14143 bytes [23:03 22/08/2008] [00:11 14/04/2008] atv10nt5.dll ------ 17279 bytes [23:03 22/08/2008] [00:11 14/04/2008] audstub.sys --a--- 3072 bytes [02:34 17/06/2006] [20:59 17/08/2001] battc.sys --a--- 14208 bytes [02:32 17/06/2006] [18:36 13/04/2008] beep.sys --a--- 4224 bytes [09:23 17/06/2006] [19:00 10/08/2004] bridge.sys --a--- 71552 bytes [09:23 17/06/2006] [18:53 13/04/2008] bthenum.sys ------ 17024 bytes [23:03 22/08/2008] [18:46 13/04/2008] bthmodem.sys ------ 37888 bytes [23:03 22/08/2008] [18:46 13/04/2008] bthpan.sys ------ 101120 bytes [23:03 22/08/2008] [18:51 13/04/2008] bthport.sys ------ 272128 bytes [15:01 11/06/2008] [11:05 13/06/2008] bthprint.sys ------ 36480 bytes [23:03 22/08/2008] [18:46 13/04/2008] bthusb.sys ------ 18944 bytes [23:03 22/08/2008] [18:46 13/04/2008] cbidf2k.sys --a--- 13952 bytes [20:52 17/08/2001] [03:52 18/08/2001] cd20xrnt.sys --a--- 7680 bytes [09:44 21/06/2006] [03:52 18/08/2001] cdaudio.sys --a--- 18688 bytes [20:52 17/08/2001] [19:00 10/08/2004] cdfs.sys --a--- 63744 bytes [09:23 17/06/2006] [19:14 13/04/2008] cdr4_xp.sys --a--- 2432 bytes [07:00 24/07/2006] [07:00 24/07/2006] cdralw2k.sys --a--- 2560 bytes [07:00 24/07/2006] [07:00 24/07/2006] cdrom.sys --a--- 62976 bytes [05:59 04/08/2004] [18:40 13/04/2008] ch7xxnt5.dll ------ 15423 bytes [23:03 22/08/2008] [00:11 14/04/2008] cinemst2.sys --a--- 262528 bytes [21:02 17/08/2001] [19:00 10/08/2004] classpnp.sys --a--- 49536 bytes [09:23 17/06/2006] [19:16 13/04/2008] cmbatt.sys --a--- 13952 bytes [02:32 17/06/2006] [18:36 13/04/2008] cmdide.sys --a--- 6656 bytes [09:46 21/06/2006] [03:51 18/08/2001] compbatt.sys --a--- 10240 bytes [02:32 17/06/2006] [18:36 13/04/2008] cpqarray.sys --a--- 14976 bytes [09:40 21/06/2006] [03:52 18/08/2001] cpqdap01.sys --a--- 11776 bytes [20:24 17/08/2001] [19:00 10/08/2004] crusoe.sys --a--- 36736 bytes [05:59 04/08/2004] [18:31 13/04/2008] cxthsfs2.cty ------ 129045 bytes [23:04 22/08/2008] [02:55 18/07/2004] dac2w2k.sys --a--- 179584 bytes [09:44 21/06/2006] [03:52 18/08/2001] dac960nt.sys --a--- 14720 bytes [09:44 21/06/2006] [03:52 18/08/2001] disk.sys --a--- 36352 bytes [05:59 04/08/2004] [18:40 13/04/2008] diskdump.sys --a--- 14208 bytes [09:23 17/06/2006] [18:40 13/04/2008] DLACDBHM.SYS --a--- 12920 bytes [01:19 25/06/2008] [13:45 15/09/2006] DLARTL_M.SYS --a--- 28184 bytes [01:19 25/06/2008] [13:45 15/09/2006] dmboot.sys --a--- 799744 bytes [09:23 17/06/2006] [18:44 13/04/2008] dmio.sys --a--- 153344 bytes [09:23 17/06/2006] [18:44 13/04/2008] dmload.sys --a--- 5888 bytes [09:23 17/06/2006] [19:00 10/08/2004] dmusic.sys --a--- 52864 bytes [03:26 19/09/2006] [18:45 13/04/2008] dpti2o.sys --a--- 20192 bytes [09:39 21/06/2006] [04:07 18/08/2001] drmk.sys --a--- 60160 bytes [03:26 19/09/2006] [18:45 13/04/2008] drmkaud.sys --a--- 2944 bytes [03:26 19/09/2006] [18:45 13/04/2008] DRVMCDB.SYS --a--- 99816 bytes [01:19 25/06/2008] [12:22 25/10/2006] DRVNDDM.SYS --a--- 51768 bytes [01:19 25/06/2008] [13:42 15/09/2006] dxapi.sys --a--- 10496 bytes [09:23 17/06/2006] [19:00 10/08/2004] dxg.sys --a--- 71168 bytes [06:00 04/08/2004] [18:38 13/04/2008] dxgthk.sys --a--- 3328 bytes [09:23 17/06/2006] [19:00 10/08/2004] enum1394.sys --a--- 6400 bytes [02:33 17/06/2006] [20:46 17/08/2001] fastfat.sys --a--- 143744 bytes [09:23 17/06/2006] [19:14 13/04/2008] fdc.sys --a--- 27392 bytes [05:59 04/08/2004] [18:40 13/04/2008] fips.sys --a--- 44544 bytes [09:23 17/06/2006] [18:33 13/04/2008] flpydisk.sys --a--- 20480 bytes [05:59 04/08/2004] [18:40 13/04/2008] fltmgr.sys --a--- 129792 bytes [09:38 17/06/2006] [18:32 13/04/2008] fsvga.sys --a--- 12160 bytes [20:57 17/08/2001] [19:00 10/08/2004] fs_rec.sys --a--- 7936 bytes [09:23 17/06/2006] [19:00 10/08/2004] ftdisk.sys --a--- 125056 bytes [20:52 17/08/2001] [03:52 18/08/2001] gagp30kx.sys ------ 46464 bytes [23:04 22/08/2008] [18:36 13/04/2008] GEARAspiWDM.sys --a--- 15464 bytes [01:18 15/11/2008] [18:12 17/04/2008] gm.dls --a--- 3440660 bytes [09:23 17/06/2006] [19:00 10/08/2004] gmreadme.txt --a--- 646 bytes [09:23 17/06/2006] [19:00 10/08/2004] hdaudbus.sys --a--- 144384 bytes [00:07 08/01/2005] [16:36 13/04/2008] Hdaudio.sys --a--- 145920 bytes [00:07 08/01/2005] [00:07 08/01/2005] hidbth.sys ------ 25600 bytes [23:04 22/08/2008] [18:46 13/04/2008] hidclass.sys --a--- 36864 bytes [06:08 04/08/2004] [18:45 13/04/2008] hidir.sys ------ 19200 bytes [04:34 19/06/2006] [18:45 13/04/2008] hidparse.sys --a--- 24960 bytes [06:08 04/08/2004] [18:45 13/04/2008] hidusb.sys --a--- 10368 bytes [07:57 21/06/2006] [18:45 13/04/2008] hpn.sys --a--- 25952 bytes [09:41 21/06/2006] [04:07 18/08/2001] HPZid412.sys -ra--- 49664 bytes [01:09 26/02/2008] [00:04 13/04/2006] HPZipr12.sys -ra--- 16496 bytes [01:09 26/02/2008] [00:04 13/04/2006] HPZius12.sys --a--- 21568 bytes [00:04 13/04/2006] [00:04 13/04/2006] hsfbs2s2.sys ------ 220032 bytes [23:04 22/08/2008] [02:41 04/08/2004] hsfcxts2.sys ------ 685056 bytes [23:04 22/08/2008] [02:41 04/08/2004] hsfdpsp2.sys ------ 1041536 bytes [23:04 22/08/2008] [02:41 04/08/2004] HSFHWBS2.sys --a--- 221440 bytes [02:55 19/09/2006] [16:50 17/03/2005] HSFProf.cty --a--- 133221 bytes [02:55 19/09/2006] [03:29 17/03/2005] HSF_CNXT.sys --a--- 705280 bytes [02:55 19/09/2006] [16:50 17/03/2005] HSF_DPV.sys --a--- 1033600 bytes [02:55 19/09/2006] [16:51 17/03/2005] http.sys --a--- 264832 bytes [06:00 04/08/2004] [18:53 13/04/2008] i2omgmt.sys --a--- 8576 bytes [09:43 21/06/2006] [18:41 13/04/2008] i2omp.sys --a--- 18560 bytes [09:43 21/06/2006] [18:41 13/04/2008] i8042prt.sys --a--- 52480 bytes [06:14 04/08/2004] [19:18 13/04/2008] imapi.sys --a--- 42112 bytes [06:00 04/08/2004] [18:40 13/04/2008] ini910u.sys --a--- 16000 bytes [09:45 21/06/2006] [03:52 18/08/2001] intelide.sys --a--- 5504 bytes [02:33 17/06/2006] [18:40 13/04/2008] intelppm.sys --a--- 36352 bytes [05:59 04/08/2004] [18:31 13/04/2008] ip6fw.sys --a--- 36608 bytes [09:23 17/06/2006] [18:53 13/04/2008] ipfltdrv.sys --a--- 32896 bytes [09:23 17/06/2006] [19:00 10/08/2004] ipinip.sys --a--- 20864 bytes [09:23 17/06/2006] [18:57 13/04/2008] ipnat.sys --a--- 152832 bytes [09:23 17/06/2006] [18:57 13/04/2008] ipsec.sys --a--- 75264 bytes [09:23 17/06/2006] [19:19 13/04/2008] irbus.sys ------ 46592 bytes [04:34 19/06/2006] [18:45 13/04/2008] irenum.sys --a--- 11264 bytes [02:31 17/06/2006] [18:54 13/04/2008] isapnp.sys --a--- 37248 bytes [20:58 17/08/2001] [18:36 13/04/2008] kbdclass.sys --a--- 24576 bytes [05:58 04/08/2004] [18:39 13/04/2008] kbdhid.sys --a--- 14592 bytes [07:57 21/06/2006] [18:39 13/04/2008] kmixer.sys --a--- 172416 bytes [03:26 19/09/2006] [18:45 13/04/2008] ks.sys --a--- 141056 bytes [06:15 04/08/2004] [19:16 13/04/2008] ksecdd.sys --a--- 92928 bytes [09:23 17/06/2006] [11:18 24/06/2009] mbam.sys --a--- 19096 bytes [01:54 13/08/2009] [17:36 03/08/2009] mbamswissarmy.sys --a--- 38160 bytes [01:54 13/08/2009] [17:36 03/08/2009] mcd.sys --a--- 7680 bytes [09:23 17/06/2006] [19:00 10/08/2004] mdmxsdk.sys --a--- 13059 bytes [02:55 19/09/2006] [19:04 17/03/2004] mf.sys --a--- 63744 bytes [06:07 04/08/2004] [18:36 13/04/2008] mfeavfk.sys --a--- 79880 bytes [23:16 07/02/2007] [15:06 25/03/2009] mfebopk.sys --a--- 35272 bytes [23:16 07/02/2007] [15:06 25/03/2009] mfehidk.sys --a--- 214024 bytes [23:16 07/02/2007] [15:06 25/03/2009] mferkdk.sys --a--- 34216 bytes [23:16 07/02/2007] [15:05 25/03/2009] mfesmfk.sys --a--- 40552 bytes [23:16 07/02/2007] [15:06 25/03/2009] mhndrv.sys --a--- 11008 bytes [09:36 17/06/2006] [17:45 10/08/2004] mnmdd.sys --a--- 4224 bytes [09:24 17/06/2006] [19:00 10/08/2004] modem.sys --a--- 30080 bytes [06:08 04/08/2004] [19:00 13/04/2008] mouclass.sys --a--- 23040 bytes [05:58 04/08/2004] [18:39 13/04/2008] mouhid.sys --a--- 12160 bytes [07:57 21/06/2006] [03:48 18/08/2001] mountmgr.sys --a--- 42368 bytes [09:23 17/06/2006] [18:39 13/04/2008] Mpfp.sys --a--- 120136 bytes [23:16 07/02/2007] [17:08 23/10/2008] mqac.sys --a--- 92544 bytes [09:23 17/06/2006] [18:39 13/04/2008] mraid35x.sys --a--- 17280 bytes [09:40 21/06/2006] [03:52 18/08/2001] mrxdav.sys --a--- 180608 bytes [09:23 17/06/2006] [18:32 13/04/2008] mrxsmb.sys --a--- 455296 bytes [09:23 17/06/2006] [11:21 24/10/2008] msfs.sys --a--- 19072 bytes [09:23 17/06/2006] [18:32 13/04/2008] msgpc.sys --a--- 35072 bytes [09:23 17/06/2006] [18:56 13/04/2008] mskssrv.sys --a--- 7552 bytes [03:26 19/09/2006] [18:39 13/04/2008] mspclock.sys --a--- 5376 bytes [03:26 19/09/2006] [18:39 13/04/2008] mspqm.sys --a--- 4992 bytes [03:26 19/09/2006] [18:39 13/04/2008] mssmbios.sys --a--- 15488 bytes [06:07 04/08/2004] [18:36 13/04/2008] mtlmnt5.sys ------ 126686 bytes [23:04 22/08/2008] [02:41 04/08/2004] mtlstrm.sys ------ 1309184 bytes [23:04 22/08/2008] [02:41 04/08/2004] mtxparhm.sys ------ 452736 bytes [23:04 22/08/2008] [02:29 04/08/2004] mup.sys --a--- 105344 bytes [09:23 17/06/2006] [19:17 13/04/2008] mutohpen.sys ------ 12672 bytes [23:04 22/08/2008] [18:43 13/04/2008] ndis.sys --a--- 182656 bytes [09:23 17/06/2006] [19:20 13/04/2008] ndistapi.sys --a--- 10112 bytes [09:23 17/06/2006] [18:57 13/04/2008] ndisuio.sys --a--- 14592 bytes [06:03 04/08/2004] [18:55 13/04/2008] ndiswan.sys --a--- 91520 bytes [09:23 17/06/2006] [19:20 13/04/2008] ndproxy.sys --a--- 40576 bytes [09:23 17/06/2006] [18:57 13/04/2008] netbios.sys --a--- 34688 bytes [09:23 17/06/2006] [18:56 13/04/2008] netbt.sys --a--- 162816 bytes [09:23 17/06/2006] [19:21 13/04/2008] netwlan5.img ------ 67866 bytes [23:04 22/08/2008] [15:35 17/07/2004] nic1394.sys --a--- 61824 bytes [05:58 04/08/2004] [18:51 13/04/2008] nikedrv.sys --a--- 12032 bytes [20:24 17/08/2001] [19:00 10/08/2004] nmnt.sys --a--- 40320 bytes [09:23 17/06/2006] [18:53 13/04/2008] npfs.sys --a--- 30848 bytes [09:23 17/06/2006] [18:32 13/04/2008] ntfs.sys --a--- 574976 bytes [09:23 17/06/2006] [19:15 13/04/2008] ntmtlfax.sys ------ 180360 bytes [23:04 22/08/2008] [02:41 04/08/2004] null.sys --a--- 2944 bytes [09:23 17/06/2006] [19:00 10/08/2004] nv4_mini.sys ------ 1897408 bytes [23:04 22/08/2008] [02:29 04/08/2004] nwlnkflt.sys --a--- 12416 bytes [09:23 17/06/2006] [19:00 10/08/2004] nwlnkfwd.sys --a--- 32512 bytes [09:23 17/06/2006] [19:00 10/08/2004] nwlnkipx.sys --a--- 88320 bytes [09:23 17/06/2006] [18:56 13/04/2008] nwlnknb.sys --a--- 63232 bytes [09:23 17/06/2006] [19:00 10/08/2004] nwlnkspx.sys --a--- 55936 bytes [09:23 17/06/2006] [19:00 10/08/2004] nwrdr.sys --a--- 163584 bytes [09:23 17/06/2006] [18:34 13/04/2008] ohci1394.sys --a--- 61696 bytes [06:10 04/08/2004] [18:46 13/04/2008] oprghdlr.sys --a--- 3456 bytes [20:57 17/08/2001] [19:00 10/08/2004] p3.sys --a--- 42752 bytes [05:59 04/08/2004] [18:31 13/04/2008] parport.sys --a--- 80128 bytes [05:59 04/08/2004] [18:40 13/04/2008] partmgr.sys --a--- 19712 bytes [09:23 17/06/2006] [18:40 13/04/2008] parvdm.sys --a--- 6784 bytes [09:23 17/06/2006] [19:00 10/08/2004] pci.sys --a--- 68224 bytes [06:07 04/08/2004] [18:36 13/04/2008] pciide.sys --a--- 3328 bytes [20:51 17/08/2001] [17:51 17/08/2001] pciidex.sys --a--- 24960 bytes [05:59 04/08/2004] [18:40 13/04/2008] pcmcia.sys --a--- 120192 bytes [06:07 04/08/2004] [18:36 13/04/2008] perc2.sys --a--- 27296 bytes [09:40 21/06/2006] [04:07 18/08/2001] perc2hib.sys --a--- 5504 bytes [09:41 21/06/2006] [04:07 18/08/2001] portcls.sys --a--- 136960 bytes [17:58 16/03/2004] [17:58 16/03/2004] processr.sys --a--- 35840 bytes [05:59 04/08/2004] [18:31 13/04/2008] psched.sys --a--- 69120 bytes [09:23 17/06/2006] [18:56 13/04/2008] ptilink.sys --a--- 17792 bytes [09:23 17/06/2006] [19:00 10/08/2004] pxhelp20.sys --a--- 36560 bytes [07:00 09/08/2006] [07:00 09/08/2006] ql1080.sys --a--- 40320 bytes [09:42 21/06/2006] [03:52 18/08/2001] ql10wnt.sys --a--- 33152 bytes [09:42 21/06/2006] [03:52 18/08/2001] ql12160.sys --a--- 45312 bytes [09:42 21/06/2006] [03:52 18/08/2001] ql1240.sys --a--- 40448 bytes [09:42 21/06/2006] [03:52 18/08/2001] ql1280.sys --a--- 49024 bytes [09:42 21/06/2006] [03:52 18/08/2001] rasacd.sys --a--- 8832 bytes [09:23 17/06/2006] [19:00 10/08/2004] rasl2tp.sys --a--- 51328 bytes [09:23 17/06/2006] [19:19 13/04/2008] raspppoe.sys --a--- 41472 bytes [09:23 17/06/2006] [18:57 13/04/2008] raspptp.sys --a--- 48384 bytes [09:23 17/06/2006] [19:19 13/04/2008] raspti.sys --a--- 16512 bytes [09:23 17/06/2006] [19:00 10/08/2004] rawwan.sys --a--- 34432 bytes [09:23 17/06/2006] [19:00 10/08/2004] rdbss.sys --a--- 175744 bytes [09:23 17/06/2006] [19:28 13/04/2008] rdpcdd.sys --a--- 4224 bytes [09:23 17/06/2006] [19:00 10/08/2004] rdpdr.sys --a--- 196224 bytes [09:35 17/06/2006] [18:32 13/04/2008] rdpwd.sys --a--- 139656 bytes [09:35 17/06/2006] [00:13 14/04/2008] recagent.sys ------ 13776 bytes [23:04 22/08/2008] [02:41 04/08/2004] redbook.sys --a--- 57600 bytes [02:33 17/06/2006] [18:40 13/04/2008] rfcomm.sys ------ 59136 bytes [23:04 22/08/2008] [18:46 13/04/2008] rio8drv.sys --a--- 12032 bytes [20:24 17/08/2001] [19:00 10/08/2004] riodrv.sys --a--- 12032 bytes [20:24 17/08/2001] [19:00 10/08/2004] rmcast.sys --a--- 203136 bytes [09:23 17/06/2006] [14:02 08/05/2008] rndismp.sys --a--- 30592 bytes [09:23 17/06/2006] [18:56 13/04/2008] rndismpx.sys ------ 30592 bytes [23:04 22/08/2008] [18:56 13/04/2008] rootmdm.sys --a--- 5888 bytes [09:23 17/06/2006] [19:00 10/08/2004] RtkHDAud.Sys --a--- 4137984 bytes [03:25 19/09/2006] [01:13 14/01/2006] Rtlnicxp.sys --a--- 70144 bytes [02:55 19/09/2006] [04:14 14/04/2004] RxFilter.sys --a--- 50688 bytes [16:19 02/12/2006] [16:19 02/12/2006] s3gnbm.sys ------ 166912 bytes [23:04 22/08/2008] [02:29 04/08/2004] scsiport.sys --a--- 96384 bytes [05:59 04/08/2004] [18:40 13/04/2008] sdbus.sys --a--- 79232 bytes [06:07 04/08/2004] [18:36 13/04/2008] secdrv.sys --a--- 20480 bytes [09:23 17/06/2006] [10:25 13/11/2007] serenum.sys --a--- 15744 bytes [05:59 04/08/2004] [18:40 13/04/2008] serial.sys --a--- 64512 bytes [06:15 04/08/2004] [19:15 13/04/2008] sffdisk.sys --a--- 11904 bytes [05:59 04/08/2004] [18:40 13/04/2008] sffp_mmc.sys ------ 10240 bytes [23:04 22/08/2008] [18:40 13/04/2008] sffp_sd.sys --a--- 11008 bytes [05:59 04/08/2004] [18:40 13/04/2008] sfloppy.sys --a--- 11392 bytes [05:59 04/08/2004] [18:40 13/04/2008] siint5.dll ------ 3901 bytes [23:04 22/08/2008] [00:12 14/04/2008] sisagp.sys --a--- 40960 bytes [09:36 21/06/2006] [18:36 13/04/2008] slnt7554.sys ------ 129535 bytes [23:04 22/08/2008] [02:41 04/08/2004] slntamr.sys ------ 404990 bytes [23:04 22/08/2008] [02:41 04/08/2004] slnthal.sys ------ 95424 bytes [23:04 22/08/2008] [02:41 04/08/2004] slwdmsup.sys ------ 13240 bytes [23:04 22/08/2008] [02:41 04/08/2004] smbali.sys ------ 5888 bytes [23:04 22/08/2008] [18:36 13/04/2008] smclib.sys --a--- 14592 bytes [09:23 17/06/2006] [19:00 10/08/2004] sonydcam.sys --a--- 25344 bytes [06:09 04/08/2004] [18:46 13/04/2008] sparrow.sys --a--- 19072 bytes [09:37 21/06/2006] [04:07 18/08/2001] splitter.sys --a--- 6272 bytes [03:26 19/09/2006] [18:45 13/04/2008] sr.sys --a--- 73472 bytes [09:38 17/06/2006] [18:36 13/04/2008] srv.sys --a--- 333952 bytes [09:23 17/06/2006] [10:57 11/12/2008] stream.sys --a--- 49408 bytes [06:08 04/08/2004] [18:45 13/04/2008] swenum.sys --a--- 4352 bytes [05:58 04/08/2004] [18:39 13/04/2008] swmidi.sys --a--- 56576 bytes [03:26 19/09/2006] [18:45 13/04/2008] symc810.sys --a--- 16256 bytes [09:42 21/06/2006] [04:07 18/08/2001] symc8xx.sys --a--- 32640 bytes [09:41 21/06/2006] [04:07 18/08/2001] sym_hi.sys --a--- 28384 bytes [09:40 21/06/2006] [04:07 18/08/2001] sym_u3.sys --a--- 30688 bytes [09:42 21/06/2006] [04:07 18/08/2001] sysaudio.sys --a--- 60800 bytes [03:26 19/09/2006] [19:15 13/04/2008] tape.sys --a--- 14976 bytes [09:23 17/06/2006] [18:40 13/04/2008] tcpip.sys --a--- 361600 bytes [09:23 17/06/2006] [11:51 20/06/2008] tcpip6.sys --a--- 225856 bytes [09:23 17/06/2006] [11:08 20/06/2008] tdi.sys --a--- 19072 bytes [09:23 17/06/2006] [19:00 13/04/2008] tdpipe.sys --a--- 12040 bytes [09:35 17/06/2006] [00:13 14/04/2008] tdtcp.sys --a--- 21896 bytes [09:35 17/06/2006] [00:13 14/04/2008] termdd.sys --a--- 40840 bytes [09:35 17/06/2006] [00:13 14/04/2008] tosdvd.sys --a--- 51712 bytes [21:01 17/08/2001] [19:00 10/08/2004] toside.sys --a--- 4992 bytes [09:48 21/06/2006] [03:51 18/08/2001] tsbvcap.sys --a--- 21376 bytes [21:06 17/08/2001] [19:00 10/08/2004] tunmp.sys --a--- 12288 bytes [06:03 04/08/2004] [18:56 13/04/2008] uagp35.sys ------ 44672 bytes [23:05 22/08/2008] [18:36 13/04/2008] udfs.sys --a--- 66048 bytes [09:23 17/06/2006] [18:32 13/04/2008] ultra.sys --a--- 36736 bytes [09:45 21/06/2006] [03:52 18/08/2001] update.sys --a--- 384768 bytes [09:24 17/06/2006] [18:39 13/04/2008] usb8023.sys --a--- 12800 bytes [09:23 17/06/2006] [18:56 13/04/2008] usb8023x.sys ------ 12800 bytes [23:05 22/08/2008] [18:56 13/04/2008] usbcamd.sys --a--- 25600 bytes [21:03 17/08/2001] [18:45 13/04/2008] usbcamd2.sys --a--- 25728 bytes [21:03 17/08/2001] [18:45 13/04/2008] usbccgp.sys --a--- 32128 bytes [07:57 21/06/2006] [18:45 13/04/2008] usbd.sys --a--- 4736 bytes [21:03 17/08/2001] [19:00 10/08/2004] usbehci.sys --a--- 30208 bytes [06:08 04/08/2004] [18:45 13/04/2008] usbhub.sys --a--- 59520 bytes [06:08 04/08/2004] [18:45 13/04/2008] usbintel.sys --a--- 15872 bytes [06:08 04/08/2004] [18:45 13/04/2008] usbohci.sys --a--- 17152 bytes [02:58 19/09/2006] [18:45 13/04/2008] usbport.sys --a--- 143872 bytes [06:08 04/08/2004] [18:45 13/04/2008] usbprint.sys --a--- 25856 bytes [23:18 30/09/2006] [18:47 13/04/2008] usbscan.sys --a--- 15104 bytes [23:23 30/09/2006] [18:45 13/04/2008] usbstor.sys --a--- 26368 bytes [06:08 04/08/2004] [18:45 13/04/2008] usbuhci.sys --a--- 20608 bytes [06:08 04/08/2004] [18:45 13/04/2008] usbvideo.sys ------ 121984 bytes [23:05 22/08/2008] [18:46 13/04/2008] vchnt5.dll ------ 11325 bytes [23:05 22/08/2008] [00:12 14/04/2008] vdmindvd.sys --a--- 58112 bytes [21:02 17/08/2001] [19:00 10/08/2004] vga.sys --a--- 20992 bytes [09:23 17/06/2006] [18:44 13/04/2008] viaagp.sys --a--- 42240 bytes [09:37 21/06/2006] [18:36 13/04/2008] viaide.sys --a--- 5376 bytes [09:47 21/06/2006] [18:40 13/04/2008] videoprt.sys --a--- 81664 bytes [09:23 17/06/2006] [18:44 13/04/2008] volsnap.sys --a--- 52352 bytes [09:23 17/06/2006] [18:41 13/04/2008] wacompen.sys ------ 14208 bytes [23:05 22/08/2008] [18:43 13/04/2008] wadv07nt.sys ------ 11807 bytes [23:05 22/08/2008] [02:29 04/08/2004] wadv08nt.sys ------ 11295 bytes [23:05 22/08/2008] [02:29 04/08/2004] wadv09nt.sys ------ 11871 bytes [23:05 22/08/2008] [02:29 04/08/2004] wadv11nt.sys ------ 11935 bytes [23:05 22/08/2008] [02:29 04/08/2004] wanarp.sys --a--- 34560 bytes [09:23 17/06/2006] [18:57 13/04/2008] watv06nt.sys ------ 22271 bytes [23:05 22/08/2008] [02:29 04/08/2004] watv10nt.sys ------ 25471 bytes [23:05 22/08/2008] [02:29 04/08/2004] wdmaud.sys --a--- 83072 bytes [03:26 19/09/2006] [19:17 13/04/2008] wmilib.sys --a--- 4352 bytes [09:23 17/06/2006] [19:00 10/08/2004] wpdusb.sys --a--- 38528 bytes [09:23 17/06/2006] [01:00 19/10/2006] ws2ifsl.sys --a--- 12032 bytes [09:23 17/06/2006] [19:00 10/08/2004] WudfPf.sys ------ 77568 bytes [23:55 28/09/2006] [23:55 28/09/2006] WudfRd.sys ------ 82944 bytes [00:00 29/09/2006] [00:00 29/09/2006] ---Folders--- disdn d----- [02:26 17/06/2006] etc d----- [02:26 17/06/2006] NSS d----- [22:01 17/07/2009] UMDF d----- [17:39 09/01/2007] -=End Of File=-

handhfan View Member Profile	Aug 20 2009, 03:48 PM Post #4
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Make sure you copy everything in the box. It looks like you only did C:\WINDOWS\system32\drivers instead of C:\Windows\system32\drivers\etc . Let's try it again, as I need to see what's in this folder. Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: CODE :dir C:\WINDOWS\system32\drivers\etc Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

PA Jeeper View Member Profile	Aug 20 2009, 04:21 PM Post #5
New Member Posts: 9 OS: WinXP	SystemLook v1.0 by jpshortstuff (22.05.09) Log created at 16:21 on 20/08/2009 by Administrator (Administrator - Elevation successful) ========== dir ========== C:\WINDOWS\system32\drivers\etc - Parameters: "(none)" ---Files--- hosts -rahs- 6946 bytes [09:23 17/06/2006] [20:38 11/08/2009] lmhosts.sam --a--- 3683 bytes [09:23 17/06/2006] [19:00 10/08/2004] networks --a--- 407 bytes [09:23 17/06/2006] [19:00 10/08/2004] protocol --a--- 799 bytes [09:23 17/06/2006] [19:00 10/08/2004] services --a--- 7116 bytes [09:23 17/06/2006] [19:00 10/08/2004] ---Folders--- None found. -=End Of File=-

handhfan View Member Profile	Aug 20 2009, 04:24 PM Post #6
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 64.86.17.32 google.ae O1 - Hosts: 64.86.17.32 google.as O1 - Hosts: 64.86.17.32 google.at O1 - Hosts: 64.86.17.32 google.az O1 - Hosts: 64.86.17.32 google.ba O1 - Hosts: 64.86.17.32 google.be O1 - Hosts: 64.86.17.32 google.bg O1 - Hosts: 64.86.17.32 google.bs O1 - Hosts: 64.86.17.32 google.ca O1 - Hosts: 64.86.17.32 google.cd O1 - Hosts: 64.86.17.32 google.com.gh O1 - Hosts: 64.86.17.32 google.com.hk O1 - Hosts: 64.86.17.32 google.com.jm O1 - Hosts: 64.86.17.32 google.com.mx O1 - Hosts: 64.86.17.32 google.com.my O1 - Hosts: 64.86.17.32 google.com.na O1 - Hosts: 64.86.17.32 google.com.nf O1 - Hosts: 64.86.17.32 google.com.ng O1 - Hosts: 64.86.17.32 google.ch O1 - Hosts: 64.86.17.32 google.com.np O1 - Hosts: 64.86.17.32 google.com.pr O1 - Hosts: 64.86.17.32 google.com.qa O1 - Hosts: 64.86.17.32 google.com.sg O1 - Hosts: 64.86.17.32 google.com.tj O1 - Hosts: 64.86.17.32 google.com.tw O1 - Hosts: 64.86.17.32 google.dj O1 - Hosts: 64.86.17.32 google.de O1 - Hosts: 64.86.17.32 google.dk O1 - Hosts: 64.86.17.32 google.dm O1 - Hosts: 64.86.17.32 google.ee O1 - Hosts: 64.86.17.32 google.fi O1 - Hosts: 64.86.17.32 google.fm O1 - Hosts: 64.86.17.32 google.fr O1 - Hosts: 64.86.17.32 google.ge O1 - Hosts: 64.86.17.32 google.gg O1 - Hosts: 64.86.17.32 google.gm O1 - Hosts: 64.86.17.32 google.gr O1 - Hosts: 64.86.17.32 google.ht O1 - Hosts: 64.86.17.32 google.ie O1 - Hosts: 64.86.17.32 google.im O1 - Hosts: 64.86.17.32 google.in O1 - Hosts: 64.86.17.32 google.it O1 - Hosts: 64.86.17.32 google.ki O1 - Hosts: 64.86.17.32 google.la O1 - Hosts: 64.86.17.32 google.li O1 - Hosts: 64.86.17.32 google.lv O1 - Hosts: 64.86.17.32 google.ma O1 - Hosts: 64.86.17.32 google.ms O1 - Hosts: 64.86.17.32 google.mu O1 - Hosts: 64.86.17.32 google.mw O1 - Hosts: 64.86.17.32 google.nl O1 - Hosts: 64.86.17.32 google.no O1 - Hosts: 64.86.17.32 google.nr O1 - Hosts: 64.86.17.32 google.nu O1 - Hosts: 64.86.17.32 google.pl O1 - Hosts: 64.86.17.32 google.pn O1 - Hosts: 64.86.17.32 google.pt O1 - Hosts: 64.86.17.32 google.ro O1 - Hosts: 64.86.17.32 google.ru O1 - Hosts: 64.86.17.32 google.rw O1 - Hosts: 64.86.17.32 google.sc O1 - Hosts: 64.86.17.32 google.se O1 - Hosts: 64.86.17.32 google.sh O1 - Hosts: 64.86.17.32 google.si O1 - Hosts: 64.86.17.32 google.sm O1 - Hosts: 64.86.17.32 google.sn O1 - Hosts: 64.86.17.32 google.st O1 - Hosts: 64.86.17.32 google.tl O1 - Hosts: 64.86.17.32 google.tm O1 - Hosts: 64.86.17.32 google.tt O1 - Hosts: 64.86.17.32 google.us O1 - Hosts: 64.86.17.32 google.vu O1 - Hosts: 64.86.17.32 google.ws O1 - Hosts: 64.86.17.32 google.co.ck O1 - Hosts: 64.86.17.32 google.co.id O1 - Hosts: 64.86.17.32 google.co.il O1 - Hosts: 64.86.17.32 google.co.in O1 - Hosts: 64.86.17.32 google.co.jp O1 - Hosts: 64.86.17.32 google.co.kr O1 - Hosts: 64.86.17.32 google.co.ls O1 - Hosts: 64.86.17.32 google.co.ma O1 - Hosts: 64.86.17.32 google.co.nz O1 - Hosts: 64.86.17.32 google.co.tz O1 - Hosts: 64.86.17.32 google.co.ug O1 - Hosts: 64.86.17.32 google.co.uk O1 - Hosts: 64.86.17.32 google.co.za O1 - Hosts: 64.86.17.32 google.co.zm O1 - Hosts: 64.86.17.32 google.com O1 - Hosts: 64.86.17.32 google.com.af O1 - Hosts: 64.86.17.32 google.com.ag O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Download OTL to your desktop. Open OTL. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Change the Standard Registry and Extra Registry options to Use Safelist. Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

handhfan View Member Profile	Aug 24 2009, 07:24 AM Post #7
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

handhfan View Member Profile	Sep 29 2009, 07:58 PM Post #8
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Topic reopened at the user's request. Please post the OTL log in your next reply.

handhfan View Member Profile	Sep 30 2009, 09:12 PM Post #10
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Download the HostsXpert 3.7 - Hosts File Manager. Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home Click "Make Hosts Writable?" in the upper right corner (If available). Click Restore Microsoft's Hosts file and then click OK. Click the X to exit the program. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself. Please scan with OTL again and post the log here. Are you still being redirected?

PA Jeeper

Oct 2 2009, 11:51 PM

Post #11

New Member

Posts: 9
OS: WinXP

I got some time after work tonight and did as instructed with HostsXpert but received a critical error when OTL was close to finishing the scan, I uploaded a screenshot below of the error. I also just uploaded the OTL and OTL Extras log files as well as after all was done I ran HijackThis again (uploaded its new log too). I then surfed the internet for roughly 20-30 minutes, using Googles search and did not get redirected once.

OTL.Txt ( 77.15K ) Number of downloads: 6

Extras.Txt ( 40.38K ) Number of downloads: 6

New_HijackThis.txt ( 9.4K ) Number of downloads: 6

handhfan View Member Profile	Oct 3 2009, 04:32 AM Post #12
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems Upgrading Java: Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.") Using Internet Explorer or Firefox, visit Kaspersky Online Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs. 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download. Once the update is complete, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, adware, dialers, and other riskware Archives E-mail databases Click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View report... at the bottom. Click the Save report... button. Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply along with a new OTL log.

PA Jeeper View Member Profile	Oct 4 2009, 06:52 PM Post #13
New Member Posts: 9 OS: WinXP	KasReport.txt ( 861bytes ) Number of downloads: 7 OTL.Txt ( 79.13K ) Number of downloads: 36 Extras.Txt ( 39.04K ) Number of downloads: 6

handhfan View Member Profile	Oct 5 2009, 11:11 AM Post #14
GeekU Moderator Posts: 8,651 From: Massachusetts OS: Windows XP Pro, Windows 7 Pro 64- and 32-bit; Virtual PC	Is your computer running better now?

PA Jeeper View Member Profile	Oct 5 2009, 04:48 PM Post #15
New Member Posts: 9 OS: WinXP	I did surf the net the other day for a while on that pc and did not notice any redirects. Now from this report from the Kaspersky online scanner I believe that its virus free. After I cycle System Restores, I will most likely I will put on either Avast or AVG free edition for them as their McAfee subscription ran out. They had a few different anti-spyware on here, so I will most likely keep just the Spybot S&D along with the Malwarebytes. Then put on the free ZoneAlarm personal firewall too. Out of the two free antiviruses which one is better? Lastly, is there anything else I am missing? Thank you so much for all your help!

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Need help with google redirect virus [Closed]	8 / 611	30th April 2009 - 09:24 AM 94SupraTT started - last by Rorschach112
Virus, Spyware and Trojan Removal Please help, Google redirect virus [Closed] [Solved]	9 / 394	6th July 2009 - 03:31 PM Akari666 started - last by Rorschach112
Virus, Spyware and Trojan Removal Need help with a google redirect virus among others [Closed]	3 / 269	15th July 2009 - 04:43 PM Shadowguy started - last by Rorschach112
Virus, Spyware and Trojan Removal Hi need help with google redirect virus [Closed]	7 / 372	15th July 2009 - 04:45 PM rikaard started - last by Rorschach112