Topic: [Inactive] Hijacking mtc.makemesearch.com


Offline DonkeyDragon

  • Bronze Member
  • Posts: 16
[Inactive] Hijacking mtc.makemesearch.com
« on: February 12, 2012, 12:18:34 pm »
Spybot S&D found Huntbar.stoolbar and mtc.makemesearch.com. It shows that it can fix Huntbar.stoolbar but not mtc.makemesearch.com. After Spybot is finished I can run it again and it shows that there are no items found. I know there is still something nasty in there because if I leave the computer alone weird things will happen: volume control will disappear and Norton AntiVirus will uninstall on its own. I then do a System Restore and volume control will return and I can reinstall Norton, but if I run Spybot after the restore it will find Huntbar.stoolbar and mtc.makemesearch.com just like it did before.

I have been reading forums for days to try to find a solution.
I need help. I have HijackThis if a log would be helpful.
« Last Edit: February 12, 2012, 02:07:09 pm by Hoov »



Offline Bear

  • Malware Removal Mentors
  • Global Moderator
  • Gold Member
  • Posts: 2698
Re: Hijacking program found, I am having trouble getting rid of it
« Reply #1 on: February 12, 2012, 01:20:37 pm »
Hi Dragon

Malware is very difficult to remove and can severely compromise your data. We know you are anxious to deal with it, so please read this: http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 and follow those instructions. As soon as you post the requested information, a malware removal specialist will help you.

Offline DonkeyDragon

  • Bronze Member
  • Posts: 16
Hijacking mtc.makemesearch.com
« Reply #2 on: February 12, 2012, 01:41:32 pm »


First DDS log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
3DMark06
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belkin Setup and Router Monitor
Belkin Wireless Utility
Bonjour
CCleaner
Diablo II
DivX Setup
Download Manager 2.3.7
EverQuest II
EverQuest II Extended
FFLM version 11.00
Futuremark Measurement Services Client
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 17
Lexmark Photo Center
Lexmark Z700-P700 Series
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.24)
Music Manager
Norton AntiVirus
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OverDrive Media Console
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
ScenePD 5
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Sid Meier's Civilization 4
Sid Meier's Civilization V
Sid Meier's Pirates!
Spybot - Search & Destroy
SpywareBlaster 4.6
Steam
System Requirements Lab
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoLAN VLC media player 0.8.6f
Warhammer Online: Age of Reckoning Beta
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows XP Service Pack 3
WinPatrol
X-Lite 3.0
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================



Second DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13  BrowserJavaVersion: 1.6.0_17
Run by STOUT at 14:32:26 on 2012-02-12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.746 [GMT -5:00]
.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [Google Update] "c:\documents and settings\stout\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\documents and settings\stout\local settings\application data\programs\google\musicmanager\MusicManager.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [GEST]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [wltray.exe] c:\windows\system32\wltray.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0417.0\mswinext.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220045636656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B1205748-A0BE-455D-93A1-9C5BD2E96CF1} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\stout\application data\mozilla\firefox\profiles\2iqes1ho.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20110902&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\stout\application data\mozilla\firefox\profiles\2iqes1ho.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-02-12 18:12:33   388216   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symtdi.sys
2012-02-12 18:12:33   345208   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symtdiv.sys
2012-02-12 18:12:33   318584   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symnets.sys
2012-02-12 18:12:32   905336   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symefa.sys
2012-02-12 18:12:32   574584   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\srtsp.sys
2012-02-12 18:12:32   340088   ----a-r-   c:\windows\system32\drivers\nav\1305000.091\symds.sys
2012-02-12 18:12:32   32888   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\srtspx.sys
2012-02-12 18:12:32   149624   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\ironx86.sys
2012-02-12 18:12:31   132744   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\ccsetx86.sys
2012-02-12 18:12:06   4782   ----a-w-   c:\windows\system32\drivers\nav\1305000.091\symvtcer.dat
2012-02-12 18:12:06   --------   d-----w-   c:\windows\system32\drivers\nav\1305000.091
2012-02-12 04:29:46   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-02-12 04:29:46   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-12 04:29:46   --------   d-----w-   c:\program files\Symantec
2012-02-12 04:29:46   --------   d-----w-   c:\program files\common files\Symantec Shared
2012-02-12 04:04:31   --------   d-----w-   c:\program files\SpywareBlaster
2012-02-12 04:03:55   --------   d-----w-   c:\program files\NortonInstaller
2012-02-12 03:40:15   --------   d-----w-   c:\documents and settings\stout\application data\WinPatrol
2012-02-12 03:40:04   --------   d-----w-   c:\program files\BillP Studios
2012-02-12 03:40:03   --------   d-----w-   c:\documents and settings\all users\application data\InstallMate
2012-02-12 02:34:58   --------   d-----w-   c:\documents and settings\stout\application data\Malwarebytes
2012-02-12 02:34:53   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2012-02-12 02:34:52   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-12 02:34:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-02-12 02:26:37   --------   d-----w-   c:\program files\CCleaner
2012-02-12 01:40:58   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2012-02-12 01:40:58   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-02-10 02:52:07   388096   ----a-r-   c:\documents and settings\stout\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-10 02:52:06   --------   d-----w-   c:\program files\Trend Micro
2012-02-08 06:05:36   --------   d-----w-   c:\documents and settings\all users\application data\PCSettings
2012-02-08 05:37:12   --------   d-----w-   c:\documents and settings\stout\local settings\application data\LogMeIn Rescue Applet
2012-01-28 17:36:31   --------   d-----w-   c:\program files\Maxis
.
==================== Find3M  ====================
.
2012-02-11 03:32:20   12464   ----a-w-   c:\windows\system32\drivers\secdrv.sys
2011-12-20 03:32:27   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35:08   60416   ----a-w-   c:\windows\system32\packager.exe
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L200R0 rev.BAH41G10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B9949F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ba0738]; MOV EAX, [0x89ba08ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ADACAB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000077[0x8ADB3A98]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8ADB5238]
\Driver\atapi[0x8A5B2030] -> IRP_MJ_CREATE -> 0x89B9949F
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B992C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:34:06.70 ===============
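A triage pass over the log above, added here as an example; it is not output of DDS or Gmer and not something posted in the thread. It parses the entry types that appear in the Pseudo HJT Report (BHO/TB/EB, uRun/mRun, DPF) and the Gmer `detected hooks` section, and flags orphaned `No File` registrations, autoruns that load from unknown vendor directories, user-profile paths or an unqualified file name, ActiveX downloads from unexpected hosts, and any kernel hook. The sample input is constructed from lines of the log above; the vendor and host allowlists are assumptions for illustration, not vetted lists.

```python
"""Triage pass over DDS 'Pseudo HJT Report' lines and the Gmer rootkit section.

Added example for the thread above, not output of DDS, Gmer or the forum's
own tooling. The allowlists are assumptions for illustration, not vetted data.
"""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high": act on first; "review": needs a human decision
    line: str
    reason: str


# Assumed: vendor directories under Program Files this machine is expected to have.
KNOWN_VENDOR_DIRS = {"yahoo!", "adobe", "common files", "divx", "java", "norton antivirus",
                     "microsoft office", "billp studios", "spybot - search & destroy",
                     "nvidia corporation", "steam", "itunes", "quicktime"}
# Assumed: hosts from which ActiveX (DPF) code downloads are expected.
KNOWN_DPF_HOSTS = {"www.update.microsoft.com", "java.sun.com", "fpdownload.macromedia.com"}
PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\",
                   "\\application data\\", "\\temp\\")

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
RE_OBJ = re.compile(rf"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?(?P<clsid>{CLSID}) - (?P<target>.*)$")
RE_RUN = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
RE_DPF = re.compile(r"^DPF: (?P<name>.*?) - (?P<url>\S+)$")
RE_HOOK = re.compile(r"^\\Driver\\(?P<drv>\w+) (?P<routine>\w+) -> (?P<addr>0x[0-9A-Fa-f]+)$")
RE_PATH = re.compile(r'"?(?P<path>[a-z]:\\[^"]*?\.(?:exe|dll|ocx))', re.IGNORECASE)
RE_HOST = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/]+)/", re.IGNORECASE)

# Constructed sample: a subset of the lines from the DDS log in the thread.
SAMPLE_LOG = r"""
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
uRun: [Google Update] "c:\documents and settings\stout\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
detected hooks:
\Driver\atapi DriverStartIo -> 0x89B992C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
"""


def _check_path(line: str, path: str) -> list[Finding]:
    """Classify where an autorun/BHO image loads from (8.3 'progra~1' normalised)."""
    p = path.lower().replace("\\progra~1\\", "\\program files\\")
    if any(mk in p for mk in PROFILE_MARKERS):
        return [Finding("review", line, "loads from a user profile directory")]
    m = re.match(r"[a-z]:\\program files\\([^\\]+)\\", p)
    if m and m.group(1) not in KNOWN_VENDOR_DIRS:
        return [Finding("review", line, f"unknown vendor directory '{m.group(1)}'")]
    return []


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    in_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks:  # hook lines follow until the next non-hook line
            m = RE_HOOK.match(line)
            if m:
                findings.append(Finding("high", line,
                    f"{m['drv']}.sys {m['routine']} redirected to {m['addr']}, "
                    "an address Gmer does not attribute to any loaded module"))
                continue
            in_hooks = False
        if line.startswith("Warning:"):
            findings.append(Finding("high", line, "rootkit detector warning"))
        elif (m := RE_OBJ.match(line)):
            if m["target"] == "No File":  # CLSID registered, file gone: orphaned entry
                findings.append(Finding("review", line, f"orphaned {m['kind']} registration"))
            else:
                findings.extend(_check_path(line, m["target"]))
        elif (m := RE_RUN.match(line)):
            pm = RE_PATH.search(m["cmd"])
            if pm:
                findings.extend(_check_path(line, pm["path"]))
            elif m["cmd"]:  # bare file name: resolved through %PATH% at logon
                findings.append(Finding("review", line, "autorun without a fully qualified path"))
        elif (m := RE_DPF.match(line)):
            hm = RE_HOST.match(m["url"])  # file:// cabs have no host and are skipped
            if hm and hm["host"].lower() not in KNOWN_DPF_HOSTS:
                findings.append(Finding("review", line, f"ActiveX download from {hm['host']}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample, the two `high` findings are the hook on `\Driver\atapi DriverStartIo` and the Gmer warning that follows from it; everything else is a review list, not a verdict (Google Update legitimately lives under Local Settings, and `No File` entries are leftovers rather than active code). The hook is the item to deal with first: a user-mode scanner such as Spybot can neither see nor remove a hook inside a kernel driver, and System Restore (the first log shows no restore points on this machine anyway) does not replace an infected driver, so detections that keep returning after a restore are the kind of behaviour a kernel-mode infection produces.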

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25344
Re: [In Progress] Hijacking mtc.makemesearch.com
« Reply #3 on: February 12, 2012, 02:13:35 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use one forum to help clear up your problem. Posting on more than one and following instructions from more than one forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing: I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


      Download TDSSKiller and save it to your Desktop.   

      Double-click on TDSSKiller.exe to run the application. Now click Start Scan.

      Click on Change parameters and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

      If an infected file is detected, the default action will be Cure, click on Continue.  If a suspicious file is detected, the default action will be Skip, click on Continue.

    Click on Reboot Now if you are asked to reboot the computer.

     If reboot is NOT required, click on Report. Please copy that file. If a reboot IS required, the report can also be found in your root directory (usually the C:\ folder). Its file name will take the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy that file.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline DonkeyDragon

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #4 on: February 12, 2012, 03:14:12 pm »
    1. Things I have done: searched through the registry and system files for items that other forums said might be associated with this problem. None were found. I downloaded HijackThis, Malwarebytes, WinPatrol and SpywareBlaster. I used them all a little bit to see if they could fix the problem. I got the latest updates for Norton and Spybot S&D and reran them.

    The symptoms of the problem are not crippling, more annoying. Like I said before, if I just use the computer normally the volume controls and Norton will uninstall on their own. I think other Windows programs may be uninstalling as it seems that there are spaces where icons should be in places like Control Panel. Also the computer seems to be running slow.

    New updates of Norton found and killed a virus last night that it said was high risk during a scan. It did see the virus before the latest update.

    I believe I may have gotten this problem when attempting to watch a streaming video at surfthechannel.com

    Malwarebytes report

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.12.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    STOUT :: STOUT [administrator]

    2/12/2012 3:37:49 PM
    mbam-log-2012-02-12 (15-37-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237788
    Time elapsed: 12 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    TDSSKiller logs: reboot was necessary. Having trouble finding the log.
    I can find C:\TDSSKiller_Quarantine\12.02.2012_15.46.55\mbr0000
    Then there are 2 folders: mbr0000 and tdlfs0000. Both contain configuration settings and DTA files; also there is a DTA file:
    [InfectedObject]
    Verdict: Rootkit.Boot.Pihar.b

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25344
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #5 on: February 12, 2012, 03:22:18 pm »
    Try running TDSSKiller again.


    Offline DonkeyDragon

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #6 on: February 12, 2012, 03:45:54 pm »
    TDSSKiller report

    15:59:29.0593 0568   TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
    15:59:29.0906 0568   ============================================================
    15:59:29.0906 0568   Current date / time: 2012/02/12 15:59:29.0906
    15:59:29.0906 0568   SystemInfo:
    15:59:29.0906 0568   
    15:59:29.0906 0568   OS Version: 5.1.2600 ServicePack: 3.0
    15:59:29.0906 0568   Product type: Workstation
    15:59:29.0906 0568   ComputerName: STOUT
    15:59:29.0906 0568   UserName: STOUT
    15:59:29.0906 0568   Windows directory: C:\WINDOWS
    15:59:29.0906 0568   System windows directory: C:\WINDOWS
    15:59:29.0906 0568   Processor architecture: Intel x86
    15:59:29.0906 0568   Number of processors: 2
    15:59:29.0906 0568   Page size: 0x1000
    15:59:29.0906 0568   Boot type: Normal boot
    15:59:29.0906 0568   ============================================================
    15:59:33.0140 0568   Drive \Device\Harddisk0\DR0 - Size: 0x2F7AFF7E00 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    15:59:33.0140 0568   \Device\Harddisk0\DR0:
    15:59:33.0140 0568   MBR used
    15:59:33.0140 0568   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
    15:59:33.0140 0568   Initialize success
    15:59:33.0140 0568   ============================================================
    16:44:09.0187 1736   ============================================================
    16:44:09.0187 1736   Scan started
    16:44:09.0187 1736   Mode: Manual;
    16:44:09.0187 1736   ============================================================
    16:44:09.0703 1736   Abiosdsk - ok
    16:44:09.0734 1736   abp480n5 - ok
    16:44:09.0812 1736   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    16:44:09.0828 1736   ACPI - ok
    16:44:09.0890 1736   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    16:44:09.0906 1736   ACPIEC - ok
    16:44:09.0937 1736   adpu160m - ok
    16:44:09.0984 1736   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    16:44:10.0015 1736   aec - ok
    16:44:10.0078 1736   AegisP          (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    16:44:10.0078 1736   AegisP - ok
    16:44:10.0109 1736   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    16:44:10.0125 1736   AFD - ok
    16:44:10.0156 1736   AFGMp50 - ok
    16:44:10.0218 1736   AFGSp50         (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
    16:44:10.0218 1736   AFGSp50 - ok
    16:44:10.0250 1736   Aha154x - ok
    16:44:10.0281 1736   aic78u2 - ok
    16:44:10.0328 1736   aic78xx - ok
    16:44:10.0359 1736   AliIde - ok
    16:44:10.0390 1736   amsint - ok
    16:44:10.0421 1736   asc - ok
    16:44:10.0453 1736   asc3350p - ok
    16:44:10.0484 1736   asc3550 - ok
    16:44:10.0546 1736   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    16:44:10.0546 1736   AsyncMac - ok
    16:44:10.0609 1736   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    16:44:10.0609 1736   atapi - ok
    16:44:10.0640 1736   Atdisk - ok
    16:44:10.0687 1736   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    16:44:10.0687 1736   Atmarpc - ok
    16:44:10.0765 1736   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    16:44:10.0781 1736   audstub - ok
    16:44:10.0828 1736   BCM43XX         (30f4485f9e9ad79c2dfa1e579b2f90c6) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    16:44:10.0828 1736   BCM43XX - ok
    16:44:10.0859 1736   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    16:44:10.0859 1736   Beep - ok
    16:44:11.0046 1736   BHDrvx86        (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
    16:44:11.0062 1736   BHDrvx86 - ok
    16:44:11.0171 1736   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    16:44:11.0171 1736   cbidf2k - ok
    16:44:11.0250 1736   ccSet_NAV       (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1305000.091\ccSetx86.sys
    16:44:11.0265 1736   ccSet_NAV - ok
    16:44:11.0281 1736   cd20xrnt - ok
    16:44:11.0328 1736   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    16:44:11.0328 1736   Cdaudio - ok
    16:44:11.0406 1736   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    16:44:11.0406 1736   Cdfs - ok
    16:44:11.0453 1736   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    16:44:11.0453 1736   Cdrom - ok
    16:44:11.0484 1736   Changer - ok
    16:44:11.0546 1736   CmdIde - ok
    16:44:11.0656 1736   Cpqarray - ok
    16:44:11.0734 1736   cpudrv          (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
    16:44:11.0750 1736   cpudrv - ok
    16:44:11.0781 1736   dac2w2k - ok
    16:44:11.0812 1736   dac960nt - ok
    16:44:11.0859 1736   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    16:44:11.0875 1736   Disk - ok
    16:44:11.0953 1736   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    16:44:11.0984 1736   dmboot - ok
    16:44:12.0015 1736   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    16:44:12.0031 1736   dmio - ok
    16:44:12.0046 1736   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    16:44:12.0062 1736   dmload - ok
    16:44:12.0093 1736   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    16:44:12.0093 1736   DMusic - ok
    16:44:12.0140 1736   dpti2o - ok
    16:44:12.0171 1736   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    16:44:12.0171 1736   drmkaud - ok
    16:44:12.0218 1736   eeCtrl          (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    16:44:12.0250 1736   eeCtrl - ok
    16:44:12.0296 1736   ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
    16:44:12.0296 1736   ENTECH - ok
    16:44:12.0328 1736   EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    16:44:12.0328 1736   EraserUtilRebootDrv - ok
    16:44:12.0421 1736   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    16:44:12.0437 1736   Fastfat - ok
    16:44:12.0500 1736   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    16:44:12.0515 1736   Fdc - ok
    16:44:12.0593 1736   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    16:44:12.0609 1736   Fips - ok
    16:44:12.0656 1736   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    16:44:12.0656 1736   Flpydisk - ok
    16:44:12.0671 1736   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    16:44:12.0703 1736   FltMgr - ok
    16:44:12.0734 1736   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    16:44:12.0750 1736   Fs_Rec - ok
    16:44:12.0765 1736   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    16:44:12.0781 1736   Ftdisk - ok
    16:44:12.0812 1736   gdrv            (5c230948dd6652228f88ca7ae6cb276c) C:\WINDOWS\gdrv.sys
    16:44:13.0171 1736   gdrv - ok
    16:44:13.0281 1736   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    16:44:13.0281 1736   GEARAspiWDM - ok
    16:44:13.0343 1736   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    16:44:13.0343 1736   Gpc - ok
    16:44:13.0390 1736   HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    16:44:13.0406 1736   HDAudBus - ok
    16:44:13.0437 1736   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    16:44:13.0453 1736   hidusb - ok
    16:44:13.0484 1736   hpn - ok
    16:44:13.0562 1736   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    16:44:13.0593 1736   HTTP - ok
    16:44:13.0640 1736   i2omgmt - ok
    16:44:13.0671 1736   i2omp - ok
    16:44:13.0718 1736   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    16:44:13.0718 1736   i8042prt - ok
    16:44:13.0843 1736   IDSxpx86        (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSxpx86.sys
    16:44:13.0875 1736   IDSxpx86 - ok
    16:44:13.0906 1736   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    16:44:13.0906 1736   Imapi - ok
    16:44:13.0937 1736   ini910u - ok
    16:44:14.0140 1736   IntcAzAudAddService (053517d1bcadf00bedb21fb7218c8f33) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    16:44:14.0281 1736   IntcAzAudAddService - ok
    16:44:14.0312 1736   IntelIde - ok
    16:44:14.0343 1736   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    16:44:14.0343 1736   intelppm - ok
    16:44:14.0468 1736   ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    16:44:14.0468 1736   ip6fw - ok
    16:44:14.0531 1736   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    16:44:14.0531 1736   IpFilterDriver - ok
    16:44:14.0640 1736   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    16:44:14.0640 1736   IpInIp - ok
    16:44:14.0671 1736   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    16:44:14.0687 1736   IpNat - ok
    16:44:14.0718 1736   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    16:44:14.0718 1736   IPSec - ok
    16:44:14.0765 1736   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    16:44:14.0765 1736   IRENUM - ok
    16:44:14.0812 1736   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    16:44:14.0812 1736   isapnp - ok
    16:44:14.0859 1736   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    16:44:14.0859 1736   Kbdclass - ok
    16:44:14.0906 1736   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    16:44:14.0921 1736   kmixer - ok
    16:44:14.0968 1736   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    16:44:14.0968 1736   KSecDD - ok
    16:44:15.0015 1736   lbrtfdc - ok
    16:44:15.0078 1736   MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    16:44:15.0078 1736   MBAMSwissArmy - ok
    16:44:15.0140 1736   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    16:44:15.0156 1736   mnmdd - ok
    16:44:15.0203 1736   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    16:44:15.0203 1736   Modem - ok
    16:44:15.0312 1736   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    16:44:15.0312 1736   Mouclass - ok
    16:44:15.0390 1736   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    16:44:15.0390 1736   mouhid - ok
    16:44:15.0421 1736   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    16:44:15.0421 1736   MountMgr - ok
    16:44:15.0453 1736   mraid35x - ok
    16:44:15.0484 1736   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    16:44:15.0500 1736   MRxDAV - ok
    16:44:15.0593 1736   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    16:44:15.0609 1736   MRxSmb - ok
    16:44:15.0656 1736   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    16:44:15.0656 1736   Msfs - ok
    16:44:15.0703 1736   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    16:44:15.0703 1736   MSKSSRV - ok
    16:44:15.0750 1736   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    16:44:15.0750 1736   MSPCLOCK - ok
    16:44:15.0812 1736   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    16:44:15.0812 1736   MSPQM - ok
    16:44:15.0890 1736   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    16:44:15.0890 1736   mssmbios - ok
    16:44:15.0937 1736   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    16:44:15.0953 1736   Mup - ok
    16:44:16.0125 1736   NAVENG          (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120211.006\NAVENG.SYS
    16:44:16.0125 1736   NAVENG - ok
    16:44:16.0187 1736   NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20120211.006\NAVEX15.SYS
    16:44:16.0203 1736   NAVEX15 - ok
    16:44:16.0281 1736   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    16:44:16.0296 1736   NDIS - ok
    16:44:16.0343 1736   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    16:44:16.0343 1736   NdisTapi - ok
    16:44:16.0390 1736   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    16:44:16.0390 1736   Ndisuio - ok
    16:44:16.0421 1736   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    16:44:16.0437 1736   NdisWan - ok
    16:44:16.0468 1736   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    16:44:16.0468 1736   NDProxy - ok
    16:44:16.0531 1736   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    16:44:16.0531 1736   NetBIOS - ok
    16:44:16.0625 1736   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    16:44:16.0640 1736   NetBT - ok
    16:44:16.0687 1736   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    16:44:16.0687 1736   Npfs - ok
    16:44:16.0734 1736   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    16:44:16.0765 1736   Ntfs - ok
    16:44:16.0796 1736   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    16:44:16.0796 1736   Null - ok
    16:44:17.0125 1736   nv              (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    16:44:17.0375 1736   nv - ok
    16:44:17.0421 1736   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    16:44:17.0437 1736   NwlnkFlt - ok
    16:44:17.0484 1736   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    16:44:17.0484 1736   NwlnkFwd - ok
    16:44:17.0562 1736   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    16:44:17.0578 1736   Parport - ok
    16:44:17.0656 1736   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    16:44:17.0656 1736   PartMgr - ok
    16:44:17.0703 1736   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    16:44:17.0703 1736   ParVdm - ok
    16:44:17.0734 1736   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    16:44:17.0734 1736   PCI - ok
    16:44:17.0765 1736   PCIDump - ok
    16:44:17.0812 1736   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    16:44:17.0828 1736   PCIIde - ok
    16:44:17.0875 1736   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    16:44:17.0906 1736   Pcmcia - ok
    16:44:17.0921 1736   PDCOMP - ok
    16:44:17.0953 1736   PDFRAME - ok
    16:44:17.0984 1736   PDRELI - ok
    16:44:18.0031 1736   PDRFRAME - ok
    16:44:18.0062 1736   perc2 - ok
    16:44:18.0093 1736   perc2hib - ok
    16:44:18.0171 1736   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    16:44:18.0171 1736   PptpMiniport - ok
    16:44:18.0203 1736   Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    16:44:18.0203 1736   Processor - ok
    16:44:18.0250 1736   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    16:44:18.0250 1736   PSched - ok
    16:44:18.0281 1736   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    16:44:18.0281 1736   Ptilink - ok
    16:44:18.0328 1736   PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    16:44:18.0343 1736   PxHelp20 - ok
    16:44:18.0359 1736   ql1080 - ok
    16:44:18.0406 1736   Ql10wnt - ok
    16:44:18.0437 1736   ql12160 - ok
    16:44:18.0468 1736   ql1240 - ok
    16:44:18.0500 1736   ql1280 - ok
    16:44:18.0531 1736   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    16:44:18.0531 1736   RasAcd - ok
    16:44:18.0656 1736   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    16:44:18.0656 1736   Rasl2tp - ok
    16:44:18.0687 1736   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    16:44:18.0687 1736   RasPppoe - ok
    16:44:18.0718 1736   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    16:44:18.0718 1736   Raspti - ok
    16:44:18.0750 1736   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:44:18.0765 1736   Rdbss - ok
    16:44:18.0796 1736   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:44:18.0796 1736   RDPCDD - ok
    16:44:18.0843 1736   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    16:44:18.0843 1736   rdpdr - ok
    16:44:18.0906 1736   RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    16:44:18.0921 1736   RDPWD - ok
    16:44:18.0953 1736   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:44:18.0953 1736   redbook - ok
    16:44:19.0015 1736   RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    16:44:19.0031 1736   RTLE8023xp - ok
    16:44:19.0093 1736   Secdrv          (890cada2ab7acf53a5f9cce7515522a2) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:44:19.0109 1736   Secdrv - ok
    16:44:19.0140 1736   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    16:44:19.0140 1736   serenum - ok
    16:44:19.0171 1736   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    16:44:19.0171 1736   Serial - ok
    16:44:19.0265 1736   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    16:44:19.0281 1736   Sfloppy - ok
    16:44:19.0328 1736   Simbad - ok
    16:44:19.0359 1736   Sparrow - ok
    16:44:19.0406 1736   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    16:44:19.0406 1736   splitter - ok
    16:44:19.0453 1736   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    16:44:19.0453 1736   sr - ok
    16:44:19.0578 1736   SRTSP           (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NAV\1305000.091\SRTSP.SYS
    16:44:19.0593 1736   SRTSP - ok
    16:44:19.0703 1736   SRTSPX          (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NAV\1305000.091\SRTSPX.SYS
    16:44:19.0718 1736   SRTSPX - ok
    16:44:19.0765 1736   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    16:44:19.0781 1736   Srv - ok
    16:44:19.0859 1736   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    16:44:19.0859 1736   swenum - ok
    16:44:19.0890 1736   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    16:44:19.0890 1736   swmidi - ok
    16:44:19.0937 1736   symc810 - ok
    16:44:19.0968 1736   symc8xx - ok
    16:44:20.0031 1736   SymDS           (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMDS.SYS
    16:44:20.0046 1736   SymDS - ok
    16:44:20.0125 1736   SymEFA          (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMEFA.SYS
    16:44:20.0171 1736   SymEFA - ok
    16:44:20.0250 1736   SymEvent        (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    16:44:20.0265 1736   SymEvent - ok
    16:44:20.0312 1736   SymIRON         (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1305000.091\Ironx86.SYS
    16:44:20.0328 1736   SymIRON - ok
    16:44:20.0421 1736   SYMTDI          (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NAV\1305000.091\SYMTDI.SYS
    16:44:20.0437 1736   SYMTDI - ok
    16:44:20.0468 1736   sym_hi - ok
    16:44:20.0500 1736   sym_u3 - ok
    16:44:20.0546 1736   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    16:44:20.0546 1736   sysaudio - ok
    16:44:20.0671 1736   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    16:44:20.0687 1736   Tcpip - ok
    16:44:20.0734 1736   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    16:44:20.0734 1736   TDPIPE - ok
    16:44:20.0781 1736   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    16:44:20.0796 1736   TDTCP - ok
    16:44:20.0828 1736   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    16:44:20.0828 1736   TermDD - ok
    16:44:20.0875 1736   TosIde - ok
    16:44:20.0921 1736   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    16:44:20.0937 1736   Udfs - ok
    16:44:20.0968 1736   ultra - ok
    16:44:21.0015 1736   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    16:44:21.0031 1736   Update - ok
    16:44:21.0078 1736   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    16:44:21.0093 1736   usbaudio - ok
    16:44:21.0140 1736   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    16:44:21.0140 1736   usbccgp - ok
    16:44:21.0187 1736   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    16:44:21.0187 1736   usbehci - ok
    16:44:21.0218 1736   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    16:44:21.0234 1736   usbhub - ok
    16:44:21.0281 1736   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    16:44:21.0296 1736   usbprint - ok
    16:44:21.0359 1736   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    16:44:21.0359 1736   usbscan - ok
    16:44:21.0421 1736   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    16:44:21.0421 1736   USBSTOR - ok
    16:44:21.0500 1736   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    16:44:21.0500 1736   usbuhci - ok
    16:44:21.0609 1736   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    16:44:21.0609 1736   VgaSave - ok
    16:44:21.0687 1736   ViaIde - ok
    16:44:21.0718 1736   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    16:44:21.0734 1736   VolSnap - ok
    16:44:21.0781 1736   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    16:44:21.0781 1736   Wanarp - ok
    16:44:21.0812 1736   WDICA - ok
    16:44:21.0843 1736   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    16:44:21.0859 1736   wdmaud - ok
    16:44:21.0953 1736   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    16:44:22.0078 1736   \Device\Harddisk0\DR0 - ok
    16:44:22.0093 1736   Boot (0x1200)   (5e35459700a8a95a3c57b8b7197b7fa6) \Device\Harddisk0\DR0\Partition0
    16:44:22.0093 1736   \Device\Harddisk0\DR0\Partition0 - ok
    16:44:22.0093 1736   ============================================================
    16:44:22.0093 1736   Scan finished
    16:44:22.0093 1736   ============================================================
    16:44:22.0109 2736   Detected object count: 0
    16:44:22.0109 2736   Actual detected object count: 0

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25344
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #7 on: February 12, 2012, 03:59:27 pm »
    With the problem you had after the first run, and this one, you had a TDSS infection, but it is gone now.

    Earlier you said the problem would come back if you left the computer alone, how long did it usually take?


    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline DonkeyDragon

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #8 on: February 12, 2012, 04:02:51 pm »
    a few days

    Offline DonkeyDragon

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #9 on: February 12, 2012, 04:15:03 pm »
    Should I assume whatever it was is now gone unless there is another incident?

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25344
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #10 on: February 12, 2012, 04:47:54 pm »
    I think we should do a few more scans. I would like to say yes, but if it takes that long, then there really is no way to be sure. Run a combofix scan using the instructions below. If it shows nothing, then we can let it go for a couple days and see what happens.

    * Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

    Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline DonkeyDragon

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #11 on: February 12, 2012, 05:17:42 pm »
    combofix report

    ComboFix 12-02-10.03 - STOUT 02/12/2012  18:01:34.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.1847 [GMT -5:00]
    Running from: c:\documents and settings\STOUT\My Documents\Downloads\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\STOUT\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\STOUT\Local Settings\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\STOUT\WINDOWS
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-01-12 to 2012-02-12  )))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 20:49 . 2012-02-12 20:49   --------   d-----w-   C:\TDSSKiller_Quarantine
    2012-02-12 04:29 . 2012-02-12 18:12   --------   d-----w-   c:\program files\Symantec
    2012-02-12 04:29 . 2012-02-12 18:12   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
    2012-02-12 04:29 . 2012-02-12 18:12   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-12 04:29 . 2012-02-12 04:41   --------   d-----w-   c:\program files\Common Files\Symantec Shared
    2012-02-12 04:28 . 2012-02-12 20:54   --------   d-----w-   c:\windows\system32\drivers\NAV
    2012-02-12 04:28 . 2012-02-12 04:28   --------   d-----w-   c:\program files\Norton AntiVirus
    2012-02-12 04:04 . 2012-02-12 04:04   --------   d-----w-   c:\program files\SpywareBlaster
    2012-02-12 04:03 . 2012-02-12 04:03   --------   d-----w-   c:\program files\NortonInstaller
    2012-02-12 03:40 . 2012-02-12 03:40   --------   d-----w-   c:\documents and settings\STOUT\Application Data\WinPatrol
    2012-02-12 03:40 . 2012-02-12 03:40   --------   d-----w-   c:\program files\BillP Studios
    2012-02-12 03:40 . 2012-02-12 03:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
    2012-02-12 02:34 . 2012-02-12 02:34   --------   d-----w-   c:\documents and settings\STOUT\Application Data\Malwarebytes
    2012-02-12 02:34 . 2012-02-12 02:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-02-12 02:34 . 2012-02-12 02:34   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
    2012-02-12 02:34 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-02-12 02:26 . 2012-02-12 02:26   --------   d-----w-   c:\program files\CCleaner
    2012-02-12 01:40 . 2012-02-12 01:40   --------   d-----w-   c:\windows\system32\wbem\Repository
    2012-02-10 03:44 . 2012-02-10 03:44   --------   d-----w-   c:\documents and settings\Administrator
    2012-02-10 02:52 . 2012-02-12 04:43   388096   ----a-r-   c:\documents and settings\STOUT\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-10 02:52 . 2012-02-10 02:52   --------   d-----w-   c:\program files\Trend Micro
    2012-02-08 06:05 . 2012-02-08 06:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\PCSettings
    2012-02-08 05:37 . 2012-02-09 02:02   --------   d-----w-   c:\documents and settings\STOUT\Local Settings\Application Data\LogMeIn Rescue Applet
    2012-01-28 17:36 . 2012-01-28 17:36   --------   d-----w-   c:\program files\Maxis
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-11 03:32 . 2002-03-25 20:02   12464   ----a-w-   c:\windows\system32\drivers\secdrv.sys
    2011-12-20 03:32 . 2011-12-20 03:32   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:57 . 2002-08-29 10:41   293376   ----a-w-   c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2002-08-29 09:14   1859584   ----a-w-   c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2002-08-29 10:41   60416   ----a-w-   c:\windows\system32\packager.exe
    2012-02-11 15:28 . 2011-12-11 06:56   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
    "MusicManager"="c:\documents and settings\STOUT\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-01-11 13224448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "RTHDCPL"="RTHDCPL.EXE" [2008-09-10 16851968]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-23 149280]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
    "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
    "wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-09 778318]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
    "c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization v\\Launcher.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1305000.091\symds.sys [2/12/2012 1:12 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1305000.091\symefa.sys [2/12/2012 1:12 PM 905336]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [2/7/2012 6:18 AM 820344]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1305000.091\ccsetx86.sys [2/12/2012 1:12 PM 132744]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1305000.091\ironx86.sys [2/12/2012 1:12 PM 149624]
    R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe [2/12/2012 1:12 PM 138248]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/11/2012 11:34 PM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSXpx86.sys [2/10/2012 4:27 PM 356280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2011 10:02 PM 135664]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/22/2011 10:02 PM 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 03:02]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-23 03:02]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1592454029-839522115-1003Core.job
    - c:\documents and settings\STOUT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:45]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1592454029-839522115-1003UA.job
    - c:\documents and settings\STOUT\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:45]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\STOUT\Application Data\Mozilla\Firefox\Profiles\2iqes1ho.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z129&form=ZGAADF&install_date=20110902&q=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKLM-Run-GEST - (no file)
    HKLM-Run-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
    HKLM-Run-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    AddRemove-Adobe Flash Player Plugin - c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
    AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\15.0.874.121\Installer\setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-12 18:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(900)
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'explorer.exe'(2376)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\wltrysvc.exe
    c:\windows\System32\bcmwltry.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Java\jre6\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-12  18:15:31 - machine was rebooted
    ComboFix-quarantined-files.txt  2012-02-12 23:15
    .
    Pre-Run: 115,408,523,264 bytes free
    Post-Run: 116,282,667,008 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 09787AA9FD5373991140AF47BB992883
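    The ComboFix log above is what the helpers in this thread read by eye. As an added example (not ComboFix's own code and not from the thread), here is a small Python parser for its "Reg Loading Points" section that pulls the Run keys, the firewall's authorized applications and its globally open ports into records, then applies two triage heuristics of this example's own: autostart values that carry no path (in this log, "RTHDCPL"="RTHDCPL.EXE", which the loader has to search for) and firewall ports open to any source (the log lists 3389/TCP, the Remote Desktop port). The sample log is constructed by trimming lines from the post above; the record names, regexes and heuristics are assumptions of this example, and a finding is a prompt to check, not a verdict.

```python
"""Parse the "Reg Loading Points" section of a ComboFix log for triage.

Added example for this thread; it is not ComboFix's own code. The sample
below is an abbreviated copy of entries from the log posted above, and the
triage heuristics at the bottom are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: trimmed from the "Reg Loading Points" block in the
# ComboFix log above (real entries from the post, most lines omitted).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-10 16851968]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-30 400480]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1305000.091\symds.sys [2/12/2012 1:12 PM 340088]
.
--- Other Services/Drivers In Memory ---
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')     # "name"=rest
RUN_RE = re.compile(r'^"(?P<cmd>[^"]*)"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<proto>TCP|UDP)$')    # 3389:TCP


@dataclass
class RunEntry:
    key: str             # registry key the value lives under
    name: str            # value name
    command: str         # command line / image path as logged
    date: Optional[str]  # file date ComboFix printed, if any
    size: Optional[int]  # file size ComboFix printed, if any


@dataclass
class LoadingPoints:
    run_entries: List[RunEntry]
    firewall_apps: List[str]           # authorized applications (unescaped paths)
    open_ports: List[Tuple[int, str]]  # globally open (port, protocol)


def parse_loading_points(text: str) -> LoadingPoints:
    """Walk the log, keep only the Reg Loading Points section, bucket by key."""
    lp = LoadingPoints([], [], [])
    in_section = False
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if 'Reg Loading Points' in line:
            in_section = True
            continue
        if not in_section or not line or line == '.':
            continue
        if line.startswith('(((') or line.startswith('---'):
            break  # next ComboFix section: stop here
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            continue  # service lines (R0/S2 ...), the *Note*, REGEDIT4
        name, rest = m.group('name'), m.group('rest')
        if key.lower().endswith('\\run'):
            r = RUN_RE.match(rest)
            if r:
                size = int(r.group('size')) if r.group('size') else None
                lp.run_entries.append(RunEntry(key, name, r.group('cmd'), r.group('date'), size))
        elif key.endswith('AuthorizedApplications\\List'):
            lp.firewall_apps.append(name.replace('\\\\', '\\'))  # registry-escaped path
        elif key.endswith('GloballyOpenPorts\\List'):
            p = PORT_RE.match(name)
            if p:
                lp.open_ports.append((int(p.group('port')), p.group('proto')))
    return lp


# Locations a non-admin user can write to (assumption: XP-era profile layout).
USER_WRITABLE = ('\\documents and settings\\', '\\temp\\', '\\application data\\')


def triage(lp: LoadingPoints) -> List[str]:
    """Heuristic prompts for a human reviewer; this example's own rules."""
    findings = []
    for e in lp.run_entries:
        cmd = e.command.lower()
        if '\\' not in cmd:
            findings.append(f"{e.name}: bare filename '{e.command}' under {e.key}; "
                            "CreateProcess has to search for it, confirm which file actually runs")
        elif any(tag in cmd for tag in USER_WRITABLE):
            findings.append(f"{e.name}: autostart from a user-writable location ({e.command})")
    for port, proto in lp.open_ports:
        label = ' (Remote Desktop)' if (port, proto) == (3389, 'TCP') else ''
        findings.append(f"firewall GloballyOpenPorts exposes {port}/{proto}{label} to any source")
    return findings


if __name__ == '__main__':
    for finding in triage(parse_loading_points(SAMPLE_LOG)):
        print(finding)
```

    Point the parser at a saved C:\ComboFix.txt instead of SAMPLE_LOG to run it on a real log; the heuristics only raise questions for the reviewer, since legitimate software (WinPatrol, Google's updater) also starts from user-writable paths and Remote Desktop is a deliberate XP Pro exception on many machines.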

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25344
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #12 on: February 12, 2012, 05:55:16 pm »
    There is still one program that concerns me. The information about it is ambiguous at best. Do you know anything about x-lite.exe? From what I have found it may have something to do with a softphone? Does that make any sense to you?


    Download and scan with CCleaner
    1. CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
    2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
    3. Then select the items you wish to clean up.
    In the Windows Tab:
    • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
    • Clean all the entries in the "Windows Explorer" section.
    • Clean all entries in the "System" section.
    • Clean all entries in the "Advanced" section.
    • Clean any others that you choose.
    In the Applications Tab:
    • Clean all except cookies in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.



    How is your computer running?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline DonkeyDragon

    • Bronze Member
    • Posts: 16
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #13 on: February 12, 2012, 05:59:36 pm »
    X-Lite is a VoIP program I have used for work.
    It should be OK.

    Offline Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 25344
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Hijacking mtc.makemesearch.com
    « Reply #14 on: February 12, 2012, 06:34:00 pm »
    OK. Thanks for the info. How is the computer running?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!