Google Keeps Redirecting me.. sneaky malware?

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Google Keeps Redirecting me.. sneaky malware? Virus scan, and clean did not work, how do I remove it?

#1 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 11 May 2011 - 12:20 AM

When I search for something on google, I'll click the link to the site posted, and it will redirect me to some random site. I really dislike this, so I scanned my computer for viruses with avast! antivirus, and cleaned them. I scanned with Norton Power Eraser (non rootkit scan) I wasn't sure if I should have done rootkit scan or not. Then I erased what was left. I restarted my computer after each, and then tried google again. Each time, the links were still being redirected. So, I looked up the answer on yahoo answers, and a link was posted here. I'm running windows 7 starter edition, 32 bit, and my browser is google chrome. (if that helps any)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David at 21:16:01.64 on Tue 05/10/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.228 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\David\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\David\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Simplify Media] "c:\program files\hp\hp mediastream\HPMediaStream.exe" -splash
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [cacaoweb] "c:\users\david\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [GHWAUC6NNZ] c:\users\david\appdata\local\temp\Ahl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-2 165584]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-29 17624]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-2 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-2 50768]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-25 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-25 204288]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-05-11 03:44:45 20 ----a-w- c:\windows\system32\drivers\SMR162.dat
2011-05-11 03:44:31 76920 ----a-w- c:\windows\system32\drivers\SMR162.SYS
2011-05-11 01:02:51 -------- d-----w- c:\users\david\appdata\local\{F8755F71-451D-4A65-A936-77FB877A9CF2}
2011-05-09 18:34:23 -------- d-----w- c:\users\david\appdata\local\jagexlauncher
2011-05-07 17:33:05 -------- d-----w- c:\users\david\appdata\local\{CA2EB6E9-CB9C-4FD5-8849-393C692423FD}
2011-05-07 02:55:37 -------- d-----w- c:\users\david\appdata\local\{E6FDFCD6-E20C-4F55-83D4-F1B46D8C8F83}
2011-05-04 18:03:35 -------- d-----w- c:\users\david\appdata\local\{2E470572-9579-4052-9494-2DD549965CE4}
2011-05-02 17:49:56 -------- d-----w- c:\users\david\appdata\local\{86840695-3F73-4B22-AA4B-5C139BFF079A}
2011-05-02 17:08:29 -------- d-----w- c:\users\david\appdata\local\{2EFA383F-3029-4FD3-B92B-2677FE490BBC}
2011-04-30 23:53:25 -------- d-----w- c:\users\david\appdata\local\{5E7824C8-239B-43AA-BAE6-F377E42FB143}
2011-04-30 08:07:12 -------- d-----w- c:\users\david\appdata\local\{66BE47AD-9A52-495B-869A-7F46416DF143}
2011-04-28 17:17:44 -------- d-----w- c:\users\david\appdata\local\{D189B722-4E22-490D-BA05-85A8926AA43F}
2011-04-28 17:04:24 -------- d-----w- c:\users\david\appdata\local\{77FA33D0-EFE2-4910-8F24-6B966F094848}
2011-04-28 05:03:50 -------- d-----w- c:\users\david\appdata\local\{A11E34F3-BC85-4EFC-A308-704538E432A1}
2011-04-27 16:20:24 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 16:20:06 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 16:20:05 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 16:20:04 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 16:20:04 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 16:20:03 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 16:20:03 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 16:20:02 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 16:20:02 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 16:20:01 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 16:19:22 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 16:19:08 2614784 ----a-w- c:\windows\explorer.exe
2011-04-27 05:44:09 122880 --sha-r- c:\windows\system32\wmidx5.dll
2011-04-27 03:24:38 -------- d-----w- c:\users\david\appdata\local\{1DF367EE-AF79-43CA-AAA5-6A83ED548909}
2011-04-24 18:12:21 -------- d-----w- c:\users\david\appdata\local\{16234E6B-09EC-4F35-81B6-A898E7DF221B}
2011-04-23 04:02:36 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{806a385f-c7b4-4e9b-8002-ddd6884a4458}\mpengine.dll
2011-04-19 16:49:50 -------- d-----w- c:\users\david\appdata\local\{79212E52-88F0-4E56-8A3E-289A1A10AD94}
2011-04-18 15:44:38 -------- d-----w- c:\users\david\appdata\local\{C5A35AA2-5B41-4D73-A3CA-37A58BB9C961}
2011-04-17 08:58:39 -------- d-----w- c:\users\david\appdata\local\{4F730B2D-9588-4996-9D42-8838B9A178DF}
2011-04-15 16:27:15 -------- d-----w- c:\program files\VirtualDJ
2011-04-15 16:18:38 -------- d-----w- c:\users\david\appdata\local\{FC01D874-CD6A-45FA-84C4-205F5A7F0A18}
2011-04-14 16:07:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 16:07:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 16:07:57 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 16:07:52 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 16:07:52 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 16:07:48 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 16:07:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 16:07:00 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 16:06:58 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 16:06:57 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 16:06:55 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 16:06:53 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 16:06:53 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 16:06:51 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 16:06:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 16:06:51 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 16:06:51 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 06:34:40 -------- d-----w- c:\users\david\appdata\local\{27C40AE9-7DD5-4314-9164-4FCD5117FD6B}
2011-04-12 05:17:05 -------- d-----w- c:\users\david\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-05-04 15:31:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-04 15:31:09 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-04 15:31:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-04 15:31:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-04 15:31:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-04 15:31:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-04 15:31:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-04 15:31:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-04 15:31:03 367104 ----a-w- c:\windows\system32\html.iec
2011-05-04 15:31:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-04 15:31:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-04 15:30:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-04 15:30:59 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-04 15:30:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-04 15:30:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-04 15:30:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 15:30:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-04 15:30:54 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-04 15:30:54 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 15:30:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-04 15:30:51 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-03 07:50:18 203776 --sh--w- c:\progra~2\unrar.exe
2011-04-03 07:49:14 198656 ----a-w- c:\windows\system32\browcli32.exe
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
.
============= FINISH: 21:18:32.91 ===============

Attached File(s)

ark.txt (15.82K)
Number of downloads: 1
Attach.txt (7.52K)
Number of downloads: 0

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 14 May 2011 - 01:16 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

DeFogger

desktop

DeFogger

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not

Download DDS:

DDS by sUBs

Link1

Link2

Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

In your next post I need the following

.logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 15 May 2011 - 07:09 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David at 16:59:24.53 on Sun 05/15/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.289 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\jre\bin\javaw.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\David\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Desktop\dds (2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0566.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.0.0.136\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Simplify Media] "c:\program files\hp\hp mediastream\HPMediaStream.exe" -splash
uRun: [Google Update] "c:\users\david\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [cacaoweb] "c:\users\david\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [GHWAUC6NNZ] c:\users\david\appdata\local\temp\Ahl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP] c:\program files\hewlett-packard\hp quicksync\QuickSync.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-2 165584]
R1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-9-29 17624]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe [2010-3-25 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-2 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-2 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-2 40384]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-7-8 323584]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.0.0.136\ccSvcHst.exe [2010-3-25 126392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-2 40384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-11-17 228408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-3-25 174592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-25 204288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== File Associations ===============
.
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2011-05-14 01:09:20 -------- d-----w- c:\users\david\appdata\local\{75CE9866-7D51-4E06-B5D7-7A95FEF3331C}
2011-05-14 00:54:34 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 14:17:23 -------- d-----w- c:\users\david\appdata\local\{7F1E1AB9-96CB-4551-ABA9-A7DFF461CE83}
2011-05-11 06:18:36 -------- d-----w- c:\users\david\appdata\local\PackageAware
2011-05-11 01:02:51 -------- d-----w- c:\users\david\appdata\local\{F8755F71-451D-4A65-A936-77FB877A9CF2}
2011-05-11 00:48:15 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 00:48:15 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 00:47:51 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 00:47:51 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 00:47:51 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 00:47:50 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 00:47:50 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 00:47:50 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 00:47:49 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-09 18:34:23 -------- d-----w- c:\users\david\appdata\local\jagexlauncher
2011-05-07 17:33:05 -------- d-----w- c:\users\david\appdata\local\{CA2EB6E9-CB9C-4FD5-8849-393C692423FD}
2011-05-07 02:55:37 -------- d-----w- c:\users\david\appdata\local\{E6FDFCD6-E20C-4F55-83D4-F1B46D8C8F83}
2011-05-04 18:03:35 -------- d-----w- c:\users\david\appdata\local\{2E470572-9579-4052-9494-2DD549965CE4}
2011-05-02 17:49:56 -------- d-----w- c:\users\david\appdata\local\{86840695-3F73-4B22-AA4B-5C139BFF079A}
2011-05-02 17:08:29 -------- d-----w- c:\users\david\appdata\local\{2EFA383F-3029-4FD3-B92B-2677FE490BBC}
2011-04-30 23:53:25 -------- d-----w- c:\users\david\appdata\local\{5E7824C8-239B-43AA-BAE6-F377E42FB143}
2011-04-30 08:07:12 -------- d-----w- c:\users\david\appdata\local\{66BE47AD-9A52-495B-869A-7F46416DF143}
2011-04-28 17:17:44 -------- d-----w- c:\users\david\appdata\local\{D189B722-4E22-490D-BA05-85A8926AA43F}
2011-04-28 17:04:24 -------- d-----w- c:\users\david\appdata\local\{77FA33D0-EFE2-4910-8F24-6B966F094848}
2011-04-28 05:03:50 -------- d-----w- c:\users\david\appdata\local\{A11E34F3-BC85-4EFC-A308-704538E432A1}
2011-04-27 16:20:24 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 16:20:06 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 16:20:05 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 16:20:04 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 16:20:04 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 16:20:03 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 16:20:03 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 16:20:02 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 16:20:02 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 16:20:01 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 16:19:22 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 16:19:08 2614784 ----a-w- c:\windows\explorer.exe
2011-04-27 05:44:09 122880 --sha-r- c:\windows\system32\wmidx5.dll
2011-04-27 03:24:38 -------- d-----w- c:\users\david\appdata\local\{1DF367EE-AF79-43CA-AAA5-6A83ED548909}
2011-04-24 18:12:21 -------- d-----w- c:\users\david\appdata\local\{16234E6B-09EC-4F35-81B6-A898E7DF221B}
2011-04-23 04:02:36 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{806a385f-c7b4-4e9b-8002-ddd6884a4458}\mpengine.dll
2011-04-19 16:49:50 -------- d-----w- c:\users\david\appdata\local\{79212E52-88F0-4E56-8A3E-289A1A10AD94}
2011-04-18 15:44:38 -------- d-----w- c:\users\david\appdata\local\{C5A35AA2-5B41-4D73-A3CA-37A58BB9C961}
2011-04-17 08:58:39 -------- d-----w- c:\users\david\appdata\local\{4F730B2D-9588-4996-9D42-8838B9A178DF}
.
==================== Find3M ====================
.
2011-05-04 15:31:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-04 15:31:09 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-04 15:31:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-04 15:31:07 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-04 15:31:06 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-04 15:31:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-04 15:31:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-04 15:31:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-04 15:31:03 367104 ----a-w- c:\windows\system32\html.iec
2011-05-04 15:31:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-04 15:31:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-04 15:30:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-04 15:30:59 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-04 15:30:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-04 15:30:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-04 15:30:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-04 15:30:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-04 15:30:54 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-04 15:30:54 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-04 15:30:51 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-04 15:30:51 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-03 07:50:18 203776 --sh--w- c:\progra~2\unrar.exe
2011-04-03 07:49:14 198656 ----a-w- c:\windows\system32\browcli32.exe
2011-03-11 05:40:24 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38:13 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31:32 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32:52 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 17:01:18.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2010 4:32:39 AM
System Uptime: 5/14/2011 8:22:24 PM (21 hours ago)
.
Motherboard: Hewlett-Packard | | 3660
Processor: Intel® Atom™ CPU N450 @ 1.66GHz | CPU | 999/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 93.528 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.933 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NAVEX15
Device ID: ROOT\LEGACY_NAVEX15\0000
Manufacturer:
Name: NAVEX15
PNP Device ID: ROOT\LEGACY_NAVEX15\0000
Service: NAVEX15
.
==== System Restore Points ===================
.
RP106: 5/10/2011 8:39:18 PM - Norton_Power_Eraser_20110510203917966
RP107: 5/11/2011 7:17:32 AM - Windows Update
RP108: 5/13/2011 5:52:06 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Adobe Shockwave Player
Advanced PC Tweaker v4.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 3
ASIO4ALL
avast! Free Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
D3DX10
ESU for Microsoft Windows 7
Final Fantasy VII - Ultima Edition
Finale 2011 Demo
FL Studio 9
FrostWire 4.21.5
Google Chrome
Hardcore
Hotspot Shield 1.56
HP CloudDrive
HP Customer Experience Enhancements
HP Games
HP MediaStream
HP Quick Launch Buttons
HP QuickSync
HP QuickWeb
HP Setup
HP Support Assistant
HP Update
HP User Guides 0169
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
IL Download Manager
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
Megavideo Video Downloader 3.19
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
Musicnotes Software Suite 1.5.3
Norton Internet Security
PoiZone
Power2Go
QLBCASL
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Recovery Manager
RuneScape Launcher 1.0.4
Sawer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.1
Synaptics Pointing Device Driver
Toxic Biohazard
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualDJ Home FREE
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
YouTube Downloader 2.7.2
.
==== Event Viewer Messages From Past Week ========
.
5/15/2011 8:48:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/15/2011 11:37:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
5/14/2011 10:59:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
5/13/2011 6:07:42 PM, Error: Service Control Manager [7023] -
5/13/2011 6:06:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SRTSP
5/13/2011 6:05:46 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
5/13/2011 6:05:46 PM, Error: SRTSP [4] - Error loading virus definitions.
5/13/2011 5:50:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
5/10/2011 8:52:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user PC\David SID (S-1-5-21-1845213330-3832361804-1990838261-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/10/2011 6:01:36 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
.
==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8B638000 C:\Windows\system32\DRIVERS\igdkmd32.sys 5279744 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81A1D000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x81A1D000 PnpManager 4259840 bytes
0x81A1D000 RAW 4259840 bytes
0x81A1D000 WMIxWDM 4259840 bytes
0x8C40E000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2510848 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x91B60000 Win32k 2404352 bytes
0x91B60000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8723A000 C:\Windows\system32\DRIVERS\ql2300.sys 1568768 bytes (QLogic Corporation, QLogic Fibre Channel Stor Miniport Driver)
0x8766B000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x87431000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x86AA0000 C:\Windows\system32\drivers\iaStorV.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x90CEE000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x86C36000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8BB41000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8713B000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x866E3000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xAA6A4000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x87021000 C:\Windows\system32\DRIVERS\MegaSR.sys 598016 bytes (LSI Corporation, Inc., LSI MegaRAID Software RAID Driver)
0x8795F000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x86610000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x86F50000 C:\Windows\system32\DRIVERS\elxstor.sys 471040 bytes (Emulex, Storport Miniport Driver for LightPulse HBAs)
0x86819000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90C23000 C:\Windows\system32\DRIVERS\stwrt.sys 442368 bytes (IDT, Inc., IDT PC Audio)
0x86B7B000 C:\Windows\system32\DRIVERS\adp94xx.sys 434176 bytes (Adaptec, Inc., Adaptec Windows SAS/SATA Storport Driver)
0x8759E000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8A337000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x870E6000 C:\Windows\system32\DRIVERS\ql40xx.sys 348160 bytes (QLogic Corporation, QLogic iSCSI Storport Miniport Driver)
0xAA835000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xAA773000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x91A20000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x86E19000 C:\Windows\system32\DRIVERS\adpahci.sys 311296 bytes (Adaptec, Inc., Adaptec Windows SATA Storport Driver)
0x8C6B2000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8698D000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x86898000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x86D54000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x87919000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8C145000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x866A1000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8A231000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x87829000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x87608000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x86EDC000 C:\Windows\system32\DRIVERS\amdsbs.sys 249856 bytes (AMD Technologies Inc., AMD Technology AHCI Compatible Controller Driver for Windows family)
0xAA636000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8C030000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x81E2D000 ACPI_HAL 225280 bytes
0x8C1BE000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x81E2D000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8C73A000 C:\Windows\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x867A2000 C:\Windows\System32\drivers\FLTMGR.SYS 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C103000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x878D6000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8A396000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x877B4000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90C8F000 C:\Windows\system32\DRIVERS\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x87891000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x87560000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C673000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x868F1000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x86DD2000 C:\Windows\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0x86E65000 C:\Windows\system32\DRIVERS\adpu320.sys 155648 bytes (Adaptec, Inc., Adaptec StorPort Ultra320 SCSI Driver)
0x86E9F000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x86A6C000 C:\Windows\system32\drivers\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x87646000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x870C1000 C:\Windows\system32\drivers\nvstor.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0x87200000 C:\Windows\system32\DRIVERS\vsmraid.sys 151552 bytes (VIA Technologies Inc.,Ltd, VIA RAID DRIVER FOR AMD-X86-64)
0x86935000 C:\Windows\system32\DRIVERS\mpio.sys 147456 bytes (Microsoft Corporation, MultiPath Support Bus-Driver)
0xAA8D9000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x86D19000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x86C00000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8C7DB000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAA745000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x873DC000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8A2AC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x86A2D000 C:\Windows\system32\DRIVERS\msdsm.sys 131072 bytes (Microsoft Corporation, Microsoft Device Specific Module)
0x8C069000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x86A4D000 C:\Windows\system32\drivers\nvraid.sys 126976 bytes (NVIDIA Corporation, NVIDIA® nForce™ RAID Driver)
0x8A3CF000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x91A00000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x90C00000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAA671000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x86FD3000 C:\Windows\system32\DRIVERS\lsi_fc.sys 106496 bytes (LSI Corporation, LSI Fusion-MPT FC Driver (StorPort))
0x86DB8000 C:\Windows\system32\DRIVERS\lsi_scsi.sys 106496 bytes (LSI Corporation, LSI Fusion-MPT SCSI Driver (StorPort))
0x8C000000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B600000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x90CBE000 C:\Windows\system32\DRIVERS\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x86F38000 C:\Windows\system32\DRIVERS\arcsas.sys 98304 bytes (Adaptec, Inc., Adaptec SAS RAID WS03 Driver)
0x87417000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C70C000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x86D3C000 C:\Windows\system32\DRIVERS\lsi_sas.sys 98304 bytes (LSI Corporation, LSI Fusion-MPT SAS Driver (StorPort))
0x8C7B8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8C0BD000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x87879000 C:\Windows\system32\DRIVERS\sbp2port.sys 98304 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x86EC5000 C:\Windows\system32\drivers\amdsata.sys 94208 bytes (Advanced Micro Devices, AHCI 1.2 Device Driver)
0x8C0D5000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C0EC000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8A30B000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0xAA8C2000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x86F22000 C:\Windows\system32\DRIVERS\arc.sys 90112 bytes (Adaptec, Inc., Adaptec RAID Storport Driver)
0x867D6000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x873C6000 C:\Windows\system32\DRIVERS\sisraid4.sys 90112 bytes (Silicon Integrated Systems, SiS AHCI Stor-Miniport Driver)
0x86E8B000 C:\Windows\system32\DRIVERS\djsvs.sys 81920 bytes (Adaptec, Inc., Adaptec Ultra SCSI miniport)
0x86DA5000 C:\Windows\system32\DRIVERS\HpSAMD.sys 77824 bytes (Hewlett-Packard Company, Smart Array SAS/SATA Controller Media Driver)
0x8758B000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8C098000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8A20E000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C796000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x87000000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8C0AB000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x87908000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90DD3000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x87225000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8C189000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x86959000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x86688000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8A3EE000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8C7A8000 C:\Windows\system32\DRIVERS\HssDrv.sys 65536 bytes (AnchorFree Inc., Hotspot Shield Routing Driver)
0x86FC3000 C:\Windows\system32\DRIVERS\iirsp.sys 65536 bytes (Intel Corp./ICP vortex GmbH, Intel/ICP Raid Storport Driver)
0x8C01A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86FED000 C:\Windows\system32\DRIVERS\lsi_sas2.sys 65536 bytes (LSI Corporation, LSI SAS Gen2 Driver (StorPort))
0x878BE000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8C088000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8A221000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8697D000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x86926000 C:\Windows\system32\DRIVERS\isapnp.sys 61440 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0x8C6FD000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x877ED000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8A200000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x870B3000 C:\Windows\system32\DRIVERS\nfrd960.sys 57344 bytes (IBM Corporation, IBM ServeRAID Controller Driver)
0x8A2FD000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x869DF000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x87400000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8C137000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8688A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8C789000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x90CE1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C72D000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C773000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x873B9000 C:\Windows\system32\DRIVERS\SiSRaid2.sys 53248 bytes (Silicon Integrated Systems Corp., SiS RAID Stor Miniport Driver)
0xAA766000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8A2CD000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x87814000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x8A2A0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x86972000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x86E00000 C:\Windows\system32\DRIVERS\megasas.sys 45056 bytes (LSI Corporation, MEGASAS RAID Controller Driver for Windows 7 for x86)
0xAA9A7000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x8A2F2000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8C7D0000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8A322000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8C6A7000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8691B000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x8A32D000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x90CD7000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x86D9B000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8A27C000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8A272000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAA73B000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8A288000 C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8C69D000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtual WiFi Bus Driver)
0x86F19000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xAA9E7000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x86D10000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8740E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8C724000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 36864 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0xAA9B2000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x87868000 C:\Windows\system32\DRIVERS\stexstor.sys 36864 bytes (Promise Technology, Promise SuperTrak EX Series Driver for Windows )
0x91DC0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8C780000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x868E0000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x86699000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x86800000 C:\Windows\system32\DRIVERS\cmdide.sys 32768 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0x8696A000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x878CE000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x8189D000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x868E9000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8A2DA000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A2E2000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8A2EA000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x87871000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x86A98000 C:\Windows\system32\DRIVERS\viaide.sys 32768 bytes (VIA Technologies, Inc., VIA Generic PCI IDE Bus Driver)
0x877E5000 C:\Windows\system32\DRIVERS\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
0x869ED000 C:\Windows\system32\DRIVERS\aliide.sys 28672 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0x869F4000 C:\Windows\system32\DRIVERS\amdide.sys 28672 bytes (Microsoft Corporation, AMD IDE Driver)
0x8A299000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x869D8000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xAA99C000 C:\Users\David\AppData\Local\Temp\mbr.sys 28672 bytes
0x8A292000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x86A91000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C400000 C:\Windows\system32\DRIVERS\taphss.sys 28672 bytes (AnchorFree Inc, TAP-Win32 Virtual Network Driver)
0x8A3C8000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8A391000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x87820000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x90C1B000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x87811000 C:\SPLASH.SYS\config\dvmio.sys 12288 bytes (DeviceVM, Inc., DVMIO virtual device driver)
0x8C407000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C771000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x004B0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x83A6B910 ] PID: 5420, 126976 bytes
0x005A0000 Hidden Image-->Interop.HPQWMIEXLib.dll [ EPROCESS 0x83B5A678 ] PID: 2348, 28672 bytes
0x03FE0000 Hidden Image-->Interop.HPQTOASTERLib.dll [ EPROCESS 0x83B5A678 ] PID: 2348, 28672 bytes
0x00590000 Hidden Image-->HPWAMain.resources.dll [ EPROCESS 0x83B5A678 ] PID: 2348, 36864 bytes
0xAA927F2E Unknown thread object [ ETHREAD 0x83A85A60 ] , 600 bytes
0x008B0000 Hidden Image-->interop.Scheduler.dll [ EPROCESS 0x83A6B910 ] PID: 5420, 61440 bytes

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 15 May 2011 - 08:15 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#5 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 16 May 2011 - 02:07 AM

ComboFix 11-05-15.03 - David 05/15/2011 19:50:02.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.409 [GMT -7:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Norton Internet Security Netbook Edition *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1122747904v4
c:\programdata\SysWoW32\mu1122747904v4.kwd
c:\programdata\SysWoW32\mu1122747904v5
c:\programdata\SysWoW32\mu1122747904v5.kwd
c:\programdata\SysWoW32\mu1122747904v6
c:\programdata\SysWoW32\mu1122747904v6.kwd
c:\programdata\SysWoW32\mu1122747904v7
c:\programdata\SysWoW32\mu1122747904v7.kwd
c:\programdata\SysWoW32\wu1122747904v0
c:\programdata\SysWoW32\wu1122747904v0.kwd
c:\programdata\SysWoW32\wu1122747904v1
c:\programdata\SysWoW32\wu1122747904v1.kwd
c:\programdata\SysWoW32\wu1122747904v2
c:\programdata\SysWoW32\wu1122747904v2.kwd
c:\programdata\SysWoW32\wu1122747904v3
c:\programdata\SysWoW32\wu1122747904v3.kwd
c:\programdata\unrar.exe
c:\users\David\AppData\Local\Temp\libsqlitejdbc-787835118151023944.lib
c:\users\David\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\David\AppData\Local\Temp\swt-win32-3448.dll
c:\users\David\AppData\Local\Temp\WindowsAPI.dll
c:\users\David\AppData\Roaming\cacaoweb
c:\users\David\AppData\Roaming\cacaoweb\adstorage.db
c:\users\David\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\David\AppData\Roaming\cacaoweb\storage.db
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wyyzql57.default\extensions\{0c2001f7-1e1f-4481-93f0-172f5e37d06d}
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wyyzql57.default\extensions\{0c2001f7-1e1f-4481-93f0-172f5e37d06d}\chrome.manifest
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wyyzql57.default\extensions\{0c2001f7-1e1f-4481-93f0-172f5e37d06d}\chrome\xulcache.jar
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wyyzql57.default\extensions\{0c2001f7-1e1f-4481-93f0-172f5e37d06d}\defaults\preferences\xulcache.js
c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wyyzql57.default\extensions\{0c2001f7-1e1f-4481-93f0-172f5e37d06d}\install.rdf
c:\windows\system32\sqlite3.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-16 03:07 . 2011-05-16 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-16 02:42 . 2011-05-16 02:45 -------- d-----w- C:\32788R22FWJFW
2011-05-14 01:09 . 2011-05-14 01:09 -------- d-----w- c:\users\David\AppData\Local\{75CE9866-7D51-4E06-B5D7-7A95FEF3331C}
2011-05-14 00:54 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 14:17 . 2011-05-11 14:17 -------- d-----w- c:\users\David\AppData\Local\{7F1E1AB9-96CB-4551-ABA9-A7DFF461CE83}
2011-05-11 06:18 . 2011-05-11 06:18 -------- d-----w- c:\users\David\AppData\Local\PackageAware
2011-05-11 01:02 . 2011-05-11 01:03 -------- d-----w- c:\users\David\AppData\Local\{F8755F71-451D-4A65-A936-77FB877A9CF2}
2011-05-11 00:48 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 00:48 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 00:47 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 00:47 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 00:47 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 00:47 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 00:47 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 00:47 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 00:47 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-09 18:34 . 2011-05-09 18:34 -------- d-----w- c:\users\David\AppData\Local\jagexlauncher
2011-05-07 17:33 . 2011-05-07 17:33 -------- d-----w- c:\users\David\AppData\Local\{CA2EB6E9-CB9C-4FD5-8849-393C692423FD}
2011-05-07 02:55 . 2011-05-07 02:55 -------- d-----w- c:\users\David\AppData\Local\{E6FDFCD6-E20C-4F55-83D4-F1B46D8C8F83}
2011-05-04 18:03 . 2011-05-04 18:03 -------- d-----w- c:\users\David\AppData\Local\{2E470572-9579-4052-9494-2DD549965CE4}
2011-05-02 17:49 . 2011-05-02 17:50 -------- d-----w- c:\users\David\AppData\Local\{86840695-3F73-4B22-AA4B-5C139BFF079A}
2011-05-02 17:08 . 2011-05-03 06:26 -------- d-----w- c:\users\David\AppData\Local\{2EFA383F-3029-4FD3-B92B-2677FE490BBC}
2011-04-30 23:53 . 2011-05-01 22:17 -------- d-----w- c:\users\David\AppData\Local\{5E7824C8-239B-43AA-BAE6-F377E42FB143}
2011-04-30 08:07 . 2011-04-30 08:07 -------- d-----w- c:\users\David\AppData\Local\{66BE47AD-9A52-495B-869A-7F46416DF143}
2011-04-28 17:17 . 2011-04-28 17:17 -------- d-----w- c:\users\David\AppData\Local\{D189B722-4E22-490D-BA05-85A8926AA43F}
2011-04-28 17:04 . 2011-04-28 17:04 -------- d-----w- c:\users\David\AppData\Local\{77FA33D0-EFE2-4910-8F24-6B966F094848}
2011-04-28 05:03 . 2011-04-28 05:04 -------- d-----w- c:\users\David\AppData\Local\{A11E34F3-BC85-4EFC-A308-704538E432A1}
2011-04-27 19:34 . 2011-04-27 19:34 -------- d-----w- c:\windows\Sun
2011-04-27 16:20 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 16:20 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 16:20 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 16:20 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 16:20 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 16:20 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 16:20 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 16:20 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 16:20 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 16:20 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 16:19 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 16:19 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-27 05:44 . 2011-04-27 05:44 122880 --sha-r- c:\windows\system32\wmidx5.dll
2011-04-27 03:24 . 2011-04-27 16:04 -------- d-----w- c:\users\David\AppData\Local\{1DF367EE-AF79-43CA-AAA5-6A83ED548909}
2011-04-24 18:12 . 2011-04-25 14:08 -------- d-----w- c:\users\David\AppData\Local\{16234E6B-09EC-4F35-81B6-A898E7DF221B}
2011-04-23 04:02 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{806A385F-C7B4-4E9B-8002-DDD6884A4458}\mpengine.dll
2011-04-19 16:49 . 2011-04-23 13:32 -------- d-----w- c:\users\David\AppData\Local\{79212E52-88F0-4E56-8A3E-289A1A10AD94}
2011-04-18 15:44 . 2011-04-18 15:44 -------- d-----w- c:\users\David\AppData\Local\{C5A35AA2-5B41-4D73-A3CA-37A58BB9C961}
2011-04-17 08:58 . 2011-04-17 21:43 -------- d-----w- c:\users\David\AppData\Local\{4F730B2D-9588-4996-9D42-8838B9A178DF}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-03 07:49 . 2011-04-03 07:49 198656 ----a-w- c:\windows\system32\browcli32.exe
2011-04-01 07:07 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 05:40 . 2011-04-14 16:06 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-14 16:06 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-14 16:06 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-14 16:07 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-14 16:07 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-14 16:07 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-14 16:06 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-23 05:06 . 2011-04-14 16:07 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-14 16:07 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-14 16:07 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-14 16:06 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-14 16:06 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-14 16:06 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-14 16:06 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 05:33 . 2011-03-08 19:10 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-08 19:10 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-08 19:10 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-04-14 16:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-14 16:07 294912 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Simplify Media"="c:\program files\HP\HP MediaStream\HPMediaStream.exe" [2009-10-23 21498376]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-03 1594664]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-12-03 2042]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-10-02 204288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 aswSP;aswSP; [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [2009-09-30 17624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [2009-07-09 323584]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2009-08-24 126392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1845213330-3832361804-1990838261-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 12:55]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1845213330-3832361804-1990838261-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 12:55]
.
2011-05-15 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2011-04-04 01:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-cacaoweb - c:\users\David\AppData\Roaming\cacaoweb\cacaoweb.exe
AddRemove-Final Fantasy VII - c:\program files\Final Fantasy VII\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1996)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\STacSV.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-15 20:18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-16 03:18
.
Pre-Run: 100,334,157,824 bytes free
Post-Run: 100,724,563,968 bytes free
.
- - End Of File - - 60C49208396D9A719AAD05621955699E

Combofix seemed to work fine.. I followed instructions and turned off my anti virus, but before the process started it said that it still detected my anti virus, but nothing bad happened to the process it seems like. Not sure if this was meant to fix or not, but google is STILL redirecting me to places I do not want to go. What next?

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 16 May 2011 - 02:27 AM

. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#7 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 16 May 2011 - 09:42 AM

2011/05/16 07:38:52.0507 2988 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 07:38:53.0272 2988 ================================================================================
2011/05/16 07:38:53.0272 2988 SystemInfo:
2011/05/16 07:38:53.0272 2988
2011/05/16 07:38:53.0272 2988 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/16 07:38:53.0272 2988 Product type: Workstation
2011/05/16 07:38:53.0272 2988 ComputerName: PC
2011/05/16 07:38:53.0272 2988 UserName: David
2011/05/16 07:38:53.0272 2988 Windows directory: C:\Windows
2011/05/16 07:38:53.0272 2988 System windows directory: C:\Windows
2011/05/16 07:38:53.0272 2988 Processor architecture: Intel x86
2011/05/16 07:38:53.0272 2988 Number of processors: 2
2011/05/16 07:38:53.0272 2988 Page size: 0x1000
2011/05/16 07:38:53.0272 2988 Boot type: Normal boot
2011/05/16 07:38:53.0272 2988 ================================================================================
2011/05/16 07:38:54.0395 2988 Initialize success
2011/05/16 07:39:14.0143 2532 ================================================================================
2011/05/16 07:39:14.0143 2532 Scan started
2011/05/16 07:39:14.0143 2532 Mode: Manual;
2011/05/16 07:39:14.0143 2532 ================================================================================
2011/05/16 07:39:15.0406 2532 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/16 07:39:15.0578 2532 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/16 07:39:15.0672 2532 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/16 07:39:15.0843 2532 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/16 07:39:15.0937 2532 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/16 07:39:16.0077 2532 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/16 07:39:16.0608 2532 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/16 07:39:16.0779 2532 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/16 07:39:16.0951 2532 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/16 07:39:17.0138 2532 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/16 07:39:17.0216 2532 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/16 07:39:17.0372 2532 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/16 07:39:17.0497 2532 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/16 07:39:17.0590 2532 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/16 07:39:17.0668 2532 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/05/16 07:39:17.0746 2532 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/16 07:39:17.0793 2532 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/05/16 07:39:17.0871 2532 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/16 07:39:18.0105 2532 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/16 07:39:18.0168 2532 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/16 07:39:18.0292 2532 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2011/05/16 07:39:18.0511 2532 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2011/05/16 07:39:18.0636 2532 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2011/05/16 07:39:18.0714 2532 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2011/05/16 07:39:18.0776 2532 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2011/05/16 07:39:18.0854 2532 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/16 07:39:18.0932 2532 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/16 07:39:19.0026 2532 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2011/05/16 07:39:19.0322 2532 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/16 07:39:19.0416 2532 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/16 07:39:19.0618 2532 BCM43XX (3508fd340c8b0fbbdb548f174d48762e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/16 07:39:19.0852 2532 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/16 07:39:19.0962 2532 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/16 07:39:20.0055 2532 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/16 07:39:20.0118 2532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/16 07:39:20.0164 2532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/16 07:39:20.0430 2532 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/16 07:39:20.0523 2532 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/16 07:39:20.0601 2532 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/16 07:39:20.0632 2532 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/16 07:39:20.0679 2532 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/16 07:39:21.0022 2532 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/16 07:39:21.0116 2532 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/16 07:39:21.0178 2532 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/16 07:39:21.0241 2532 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/16 07:39:21.0350 2532 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/16 07:39:21.0412 2532 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/16 07:39:21.0490 2532 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/16 07:39:21.0584 2532 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/16 07:39:21.0646 2532 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/16 07:39:21.0740 2532 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/16 07:39:21.0865 2532 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/16 07:39:21.0958 2532 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/16 07:39:22.0052 2532 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/16 07:39:22.0146 2532 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/16 07:39:22.0302 2532 DVMIO (8cf55015b2a443ee869c90cab31fd435) C:\SPLASH.SYS\config\dvmio.sys
2011/05/16 07:39:22.0520 2532 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/16 07:39:22.0738 2532 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/16 07:39:23.0019 2532 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/16 07:39:23.0082 2532 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/16 07:39:23.0191 2532 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/16 07:39:23.0238 2532 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/16 07:39:23.0300 2532 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/16 07:39:23.0394 2532 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/16 07:39:23.0440 2532 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/16 07:39:23.0503 2532 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/16 07:39:23.0581 2532 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/16 07:39:23.0643 2532 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/16 07:39:23.0706 2532 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/16 07:39:23.0784 2532 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/16 07:39:23.0862 2532 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/16 07:39:23.0940 2532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/16 07:39:24.0033 2532 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/16 07:39:24.0096 2532 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/16 07:39:24.0174 2532 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/16 07:39:24.0330 2532 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/16 07:39:24.0501 2532 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/16 07:39:24.0595 2532 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/16 07:39:24.0704 2532 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/16 07:39:24.0938 2532 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/05/16 07:39:25.0032 2532 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/16 07:39:25.0110 2532 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/05/16 07:39:25.0328 2532 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/16 07:39:25.0375 2532 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/16 07:39:25.0453 2532 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/16 07:39:25.0593 2532 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/16 07:39:25.0671 2532 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/05/16 07:39:25.0921 2532 igfx (81f7c715528ab621c6af58869d4b07b9) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/16 07:39:26.0186 2532 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/16 07:39:26.0295 2532 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/16 07:39:26.0389 2532 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/16 07:39:26.0482 2532 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/16 07:39:26.0545 2532 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/16 07:39:26.0623 2532 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/16 07:39:26.0701 2532 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/16 07:39:26.0763 2532 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/16 07:39:26.0826 2532 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/16 07:39:26.0904 2532 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/16 07:39:26.0982 2532 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/16 07:39:27.0044 2532 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/16 07:39:27.0122 2532 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/16 07:39:27.0247 2532 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/16 07:39:27.0372 2532 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/16 07:39:27.0450 2532 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/16 07:39:27.0481 2532 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/16 07:39:27.0543 2532 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/16 07:39:27.0621 2532 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/16 07:39:27.0684 2532 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/16 07:39:27.0762 2532 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/16 07:39:27.0840 2532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/16 07:39:27.0886 2532 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/16 07:39:27.0964 2532 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/16 07:39:28.0027 2532 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/16 07:39:28.0089 2532 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/16 07:39:28.0152 2532 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/16 07:39:28.0261 2532 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/16 07:39:28.0354 2532 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/16 07:39:28.0495 2532 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/16 07:39:28.0557 2532 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/16 07:39:28.0620 2532 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/16 07:39:28.0682 2532 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/16 07:39:28.0729 2532 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/16 07:39:28.0838 2532 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/16 07:39:28.0885 2532 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/16 07:39:28.0947 2532 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/16 07:39:29.0025 2532 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/16 07:39:29.0072 2532 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/16 07:39:29.0134 2532 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/16 07:39:29.0197 2532 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/16 07:39:29.0275 2532 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/16 07:39:29.0322 2532 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/16 07:39:29.0384 2532 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/16 07:39:29.0431 2532 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/16 07:39:29.0509 2532 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/16 07:39:29.0899 2532 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/16 07:39:29.0961 2532 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/16 07:39:30.0039 2532 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/16 07:39:30.0086 2532 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/16 07:39:30.0148 2532 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/16 07:39:30.0195 2532 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/16 07:39:30.0336 2532 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/16 07:39:30.0414 2532 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/16 07:39:30.0663 2532 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/05/16 07:39:30.0866 2532 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/16 07:39:30.0944 2532 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/16 07:39:31.0006 2532 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/16 07:39:31.0131 2532 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/05/16 07:39:31.0209 2532 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/16 07:39:31.0287 2532 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/05/16 07:39:31.0350 2532 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/05/16 07:39:31.0428 2532 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/16 07:39:31.0506 2532 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/16 07:39:31.0630 2532 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/16 07:39:31.0693 2532 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/16 07:39:31.0755 2532 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/16 07:39:31.0833 2532 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/16 07:39:31.0896 2532 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/16 07:39:31.0958 2532 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/16 07:39:32.0020 2532 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/16 07:39:32.0083 2532 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/16 07:39:32.0348 2532 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/16 07:39:32.0442 2532 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/16 07:39:32.0566 2532 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/16 07:39:32.0660 2532 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/16 07:39:32.0769 2532 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/16 07:39:32.0847 2532 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/16 07:39:32.0894 2532 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/16 07:39:32.0972 2532 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/16 07:39:33.0050 2532 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/16 07:39:33.0112 2532 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/16 07:39:33.0159 2532 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/16 07:39:33.0222 2532 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/16 07:39:33.0284 2532 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/16 07:39:33.0346 2532 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/16 07:39:33.0409 2532 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/16 07:39:33.0487 2532 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/16 07:39:33.0565 2532 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/16 07:39:33.0643 2532 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/16 07:39:33.0768 2532 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/16 07:39:33.0877 2532 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys
2011/05/16 07:39:33.0924 2532 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/05/16 07:39:34.0017 2532 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/16 07:39:34.0080 2532 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/16 07:39:34.0173 2532 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/16 07:39:34.0251 2532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/16 07:39:34.0360 2532 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/16 07:39:34.0438 2532 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/16 07:39:34.0501 2532 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/16 07:39:34.0626 2532 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/16 07:39:34.0688 2532 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/16 07:39:34.0750 2532 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/16 07:39:34.0797 2532 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/16 07:39:34.0906 2532 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/16 07:39:34.0969 2532 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/16 07:39:35.0031 2532 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/16 07:39:35.0094 2532 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/16 07:39:35.0187 2532 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/16 07:39:35.0359 2532 SRTSP (00f20cf8956b22c392aaae949d84c3e8) C:\Windows\system32\drivers\NIS\1100000.088\SRTSP.SYS
2011/05/16 07:39:35.0406 2532 SRTSPX (bc2d2c9e48d14d3d19f1dbd47bf5b203) C:\Windows\system32\drivers\NIS\1100000.088\SRTSPX.SYS
2011/05/16 07:39:35.0484 2532 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/16 07:39:35.0546 2532 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/16 07:39:35.0624 2532 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/16 07:39:35.0702 2532 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/16 07:39:35.0796 2532 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/16 07:39:35.0858 2532 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/16 07:39:35.0952 2532 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/05/16 07:39:35.0999 2532 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/05/16 07:39:36.0061 2532 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/05/16 07:39:36.0108 2532 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
2011/05/16 07:39:36.0233 2532 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/16 07:39:36.0311 2532 STHDA (96cb9fd21207af4456d37957441f6001) C:\Windows\system32\DRIVERS\stwrt.sys
2011/05/16 07:39:36.0373 2532 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/16 07:39:36.0545 2532 SynTP (c6e720d3f5fb8290d01acfb63e14b606) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/16 07:39:36.0654 2532 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/16 07:39:36.0779 2532 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/16 07:39:36.0935 2532 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/16 07:39:37.0028 2532 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/16 07:39:37.0091 2532 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/16 07:39:37.0153 2532 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/16 07:39:37.0215 2532 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/16 07:39:37.0278 2532 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/16 07:39:37.0434 2532 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/16 07:39:37.0496 2532 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/16 07:39:37.0559 2532 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/16 07:39:37.0621 2532 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/16 07:39:37.0730 2532 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/16 07:39:37.0808 2532 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/16 07:39:37.0886 2532 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/16 07:39:37.0964 2532 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/16 07:39:38.0027 2532 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/16 07:39:38.0089 2532 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/16 07:39:38.0167 2532 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
2011/05/16 07:39:38.0229 2532 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/16 07:39:38.0292 2532 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
2011/05/16 07:39:38.0354 2532 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/16 07:39:38.0432 2532 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/16 07:39:38.0510 2532 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/16 07:39:38.0573 2532 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
2011/05/16 07:39:38.0635 2532 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/16 07:39:38.0744 2532 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/16 07:39:38.0822 2532 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/16 07:39:38.0885 2532 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/16 07:39:38.0947 2532 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/16 07:39:39.0009 2532 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/16 07:39:39.0087 2532 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/16 07:39:39.0150 2532 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/16 07:39:39.0228 2532 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/16 07:39:39.0290 2532 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/16 07:39:39.0384 2532 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/16 07:39:39.0477 2532 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/16 07:39:39.0555 2532 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/16 07:39:39.0618 2532 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/16 07:39:39.0711 2532 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/16 07:39:39.0774 2532 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 07:39:39.0805 2532 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/16 07:39:39.0945 2532 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/16 07:39:40.0008 2532 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/16 07:39:40.0164 2532 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/16 07:39:40.0211 2532 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/16 07:39:40.0491 2532 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/16 07:39:40.0585 2532 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/16 07:39:40.0725 2532 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/16 07:39:40.0850 2532 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/16 07:39:40.0928 2532 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/16 07:39:41.0053 2532 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/05/16 07:39:41.0178 2532 ================================================================================
2011/05/16 07:39:41.0178 2532 Scan finished
2011/05/16 07:39:41.0178 2532 ================================================================================

when the scan finished, it said that no infections were found.. but google is still redirecting me.. is there something else wrong?

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 16 May 2011 - 11:42 AM

we are going to check the router

Create and Run Batch File

Notepad

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

router.bat

Save type as - All Files

Desktop

router.bat

gringo

<-- Don't worry every little bit helps.

#9 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 16 May 2011 - 07:01 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-17-79-F8-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : F0-7B-CB-29-DC-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::88ae:98c5:4c9:6078%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 16, 2011 4:58:33 PM
Lease Expires . . . . . . . . . . : Tuesday, May 17, 2011 4:58:35 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 334527435
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-3C-DB-24-C8-0A-A9-6F-D2-75
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1779F857-0CBD-4218-9F59-7A7936708F49}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c0c:3776:9e8e:44fa(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c0c:3776:9e8e:44fa%22(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: homeportal
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.53.104
74.125.53.105
74.125.53.106
74.125.53.147
74.125.53.99
74.125.53.103

Server: homeportal
Address: 192.168.0.1

Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76

Pinging google.com [74.125.53.103] with 32 bytes of data:
Reply from 74.125.53.103: bytes=32 time=53ms TTL=54
Reply from 74.125.53.103: bytes=32 time=53ms TTL=54

Ping statistics for 74.125.53.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 53ms, Average = 53ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=127ms TTL=54
Reply from 67.195.160.76: bytes=32 time=129ms TTL=54

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 127ms, Maximum = 129ms, Average = 128ms
===========================================================================
Interface List
19...00 ff 17 79 f8 57 ......Anchorfree HSS Adapter
13...f0 7b cb 29 dc d1 ......Broadcom 802.11b/g WLAN
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.66 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.66 281
192.168.0.66 255.255.255.255 On-link 192.168.0.66 281
192.168.0.255 255.255.255.255 On-link 192.168.0.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.66 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
22 58 ::/0 On-link
1 306 ::1/128 On-link
22 58 2001::/32 On-link
22 306 2001:0:4137:9e76:2c0c:3776:9e8e:44fa/128
On-link
13 281 fe80::/64 On-link
22 306 fe80::/64 On-link
22 306 fe80::2c0c:3776:9e8e:44fa/128
On-link
13 281 fe80::88ae:98c5:4c9:6078/128
On-link
1 306 ff00::/8 On-link
22 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 16 May 2011 - 07:54 PM

Resetting Router

Let’s try to reset the router to its default configuration.

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
If you don’t know the router's default password, you can look it up. Here
You also need to reconfigure any security settings you had in place prior to the reset.
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

click on Start
select run
enter cmd and hit enter
a black window will open.
please enter the following text into that window and hit enter:

Now lets check the router again

Create and Run Batch File

Notepad

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0

router.bat

Save type as - All Files

Desktop

router.bat

gringo

<-- Don't worry every little bit helps.

#11 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 18 May 2011 - 07:24 PM

I reset my router using the button on the back of it. Then I opened my web browsers, and it set up my router again... so I after that I just flushed the DNS. I couldn't change my password, because they want ASCII or Hexadecimal passwords... I don't know what any of that is, so any help there would be appreciated. (I have a 2wire router on qwest high speed internet).

Anyway, after I flushed the DNS I did the router.bat thing and got this

Windows IP Configuration

Host Name . . . . . . . . . . . . : PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-17-79-F8-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : F0-7B-CB-29-DC-D1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::88ae:98c5:4c9:6078%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, May 18, 2011 4:38:41 PM
Lease Expires . . . . . . . . . . : Thursday, May 19, 2011 4:46:30 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 334527435
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-3C-DB-24-C8-0A-A9-6F-D2-75
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1779F857-0CBD-4218-9F59-7A7936708F49}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28af:2ff7:3f57:ffbd(Preferred)
Link-local IPv6 Address . . . . . : fe80::28af:2ff7:3f57:ffbd%22(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: homeportal
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.53.105
74.125.53.106
74.125.53.147
74.125.53.99
74.125.53.103
74.125.53.104

Server: homeportal
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56

Pinging google.com [74.125.53.99] with 32 bytes of data:
Reply from 74.125.53.99: bytes=32 time=55ms TTL=54
Reply from 74.125.53.99: bytes=32 time=54ms TTL=54

Ping statistics for 74.125.53.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 55ms, Average = 54ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=69ms TTL=54
Reply from 98.137.149.56: bytes=32 time=67ms TTL=54

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 69ms, Average = 68ms
===========================================================================
Interface List
19...00 ff 17 79 f8 57 ......Anchorfree HSS Adapter
13...f0 7b cb 29 dc d1 ......Broadcom 802.11b/g WLAN
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.66 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.66 281
192.168.0.66 255.255.255.255 On-link 192.168.0.66 281
192.168.0.255 255.255.255.255 On-link 192.168.0.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.66 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
22 58 ::/0 On-link
1 306 ::1/128 On-link
22 58 2001::/32 On-link
22 306 2001:0:4137:9e76:28af:2ff7:3f57:ffbd/128
On-link
13 281 fe80::/64 On-link
22 306 fe80::/64 On-link
22 306 fe80::28af:2ff7:3f57:ffbd/128
On-link
13 281 fe80::88ae:98c5:4c9:6078/128
On-link
1 306 ff00::/8 On-link
22 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 18 May 2011 - 08:39 PM

are you still being redirected?

gringo

<-- Don't worry every little bit helps.

#13 Ragnorok321

New Member

Group: Members
Posts: 11
Joined: 10-May 11

Posted 18 May 2011 - 11:05 PM

I just tried, and I think I'm still being redirected, but I click a different search result, it is saying "http://www.goingonearth.com/search.php?q=facebook%2Binformation&n=1305777567 might be temporarily down or may have permanently moved to a new web address."

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 19 May 2011 - 12:38 AM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\system32\wmidx5.dll
c:\windows\system32\browcli32.exe

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

<-- Don't worry every little bit helps.

#15 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,456
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 22 May 2011 - 02:58 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

<-- Don't worry every little bit helps.