BleepingComputer.com: Browser Redirect Problem

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

Browser Redirect Problem Both IE and Firefox exhibit random redirects from Bing

#1 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 22 November 2011 - 08:17 AM

I run XP Professional SP2 with MS Firewall and Avira AntiVir Personal - Free Antivirus 10.2.0.704.

For the past week I've experienced random redirects from Bing when using either Firefox 1.9.2.4324 or IE 8.0.6001.18702. The redirects take the system to what appear to be genuine commercial websites. Back and a retry of the Bing search results usually takes me to the correct website, though occasionally attempts at Back are met with a popup asking "Are you sure you want to navigate away from this page . .".

Suspecting an intruder, I've run the latest versions of Avira, MBAM, Spybot, SAS and Ad-Aware. Together, these unearthed a very large number of Tracker Cookies but no other Malware. Active Avira, meanwhile has on four occasions detected and quarantined HTML/Infected.WebPage.Gen2 - the latest as I type!

Your assistance in finding and removing this irritating gremlin would be greeted with a resounding cheer! :clapping:

DDS.txt in line below. Attach.txt and ARK.txt attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by BCWork at 16:38:15 on 2011-11-22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.164 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8E0E0E42-A93E-4E1E-9BF5-68F530998DC9} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bcwork\application data\mozilla\firefox\profiles\1yqjv1s9.default\
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-21 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-12 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-12 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-12 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-12 66616]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-2-17 90192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz132;cpuz132;\??\c:\docume~1\peter\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\peter\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
.
=============== Created Last 30 ================
.
2011-11-22 16:34:06 -------- d-----w- c:\documents and settings\bcwork\local settings\application data\Mozilla
2011-11-22 16:30:17 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-21 23:30:42 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-21 23:30:05 -------- d-----w- c:\program files\Lavasoft
2011-11-19 22:05:55 -------- d-----w- c:\windows\ie8updates
2011-11-19 21:57:52 -------- dc-h--w- c:\windows\ie8
2011-11-19 21:52:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-19 21:52:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-19 21:52:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-11-17 18:09:10 -------- d-----w- c:\program files\CCleaner
2011-11-07 01:22:04 2207744 ----a-w- c:\windows\system32\HomePlanet.scr
2011-11-02 09:34:31 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-11-21 23:38:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:39:58.19 ===============

Attached File(s)

  • Attached File  attach.txt (13.42K)
    Number of downloads: 2
  • Attached File  ARK.txt (2.45K)
    Number of downloads: 1

This post has been edited by Brawgates: 22 November 2011 - 02:32 PM

#2 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 26 November 2011 - 09:48 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 11:35 AM

Good afternoon to you, Gringo.

I'm delighted to receive your kind offer of assistance.

Inline below are the results of the prodecures you requested.

DeFogger:

Downloaded to desktop. Ran successfully, leaving CD Emulation drivers disabled.

DDS:

Downloaded from Link1 to desktop. Ran successfully producing logs below:-
Start of dds.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by BCWork at 12:42:54 on 2011-11-28
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.213 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8E0E0E42-A93E-4E1E-9BF5-68F530998DC9} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bcwork\application data\mozilla\firefox\profiles\1yqjv1s9.default\
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-11-21 64512]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-12 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-12 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-12 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-12 66616]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2011-2-17 90192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz132;cpuz132;\??\c:\docume~1\peter\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\peter\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
.
=============== Created Last 30 ================
.
2011-11-22 19:34:44 -------- d-sh--w- c:\documents and settings\bcwork\PrivacIE
2011-11-22 16:34:06 -------- d-----w- c:\documents and settings\bcwork\local settings\application data\Mozilla
2011-11-22 16:30:17 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-21 23:30:42 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-21 23:30:05 -------- d-----w- c:\program files\Lavasoft
2011-11-19 22:05:55 -------- d-----w- c:\windows\ie8updates
2011-11-19 21:57:52 -------- dc-h--w- c:\windows\ie8
2011-11-19 21:52:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-19 21:52:22 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-19 21:52:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-11-17 18:09:10 -------- d-----w- c:\program files\CCleaner
2011-11-07 01:22:04 2207744 ----a-w- c:\windows\system32\HomePlanet.scr
2011-11-02 09:34:31 -------- d-----w- c:\windows\system32\LogFiles
.
==================== Find3M ====================
.
2011-11-21 23:38:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:43:32.36 ===============

Start of attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/05/2010 01:15:08
System Uptime: 28/11/2011 09:45:36 (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | WMT-LX
Processor: Intel® Pentium® 4 CPU 1300MHz | PGA 423 | 1296/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 22.01 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 27.957 GiB free.
E: is FIXED (NTFS) - 56 GiB total, 45.169 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_1050&DEV_9921&SUBSYS_00000000&REV_03\4&11CD5334&0&48F0
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_1050&DEV_9921&SUBSYS_00000000&REV_03\4&11CD5334&0&48F0
Service:
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3A2C8C4B&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3A2C8C4B&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP479: 30/09/2011 09:23:25 - System Checkpoint
RP480: 02/10/2011 20:55:02 - System Checkpoint
RP481: 03/10/2011 20:58:33 - System Checkpoint
RP482: 04/10/2011 21:54:24 - System Checkpoint
RP483: 05/10/2011 22:19:00 - System Checkpoint
RP484: 06/10/2011 23:00:55 - System Checkpoint
RP485: 08/10/2011 10:17:12 - System Checkpoint
RP486: 09/10/2011 10:31:52 - System Checkpoint
RP487: 10/10/2011 11:25:41 - System Checkpoint
RP488: 11/10/2011 13:50:45 - System Checkpoint
RP489: 12/10/2011 14:15:28 - System Checkpoint
RP490: 13/10/2011 14:29:01 - System Checkpoint
RP491: 14/10/2011 14:58:54 - System Checkpoint
RP492: 15/10/2011 15:13:12 - System Checkpoint
RP493: 16/10/2011 16:11:33 - System Checkpoint
RP494: 17/10/2011 16:24:20 - System Checkpoint
RP495: 18/10/2011 16:38:00 - System Checkpoint
RP496: 19/10/2011 18:06:55 - System Checkpoint
RP497: 20/10/2011 18:52:48 - System Checkpoint
RP498: 21/10/2011 20:14:04 - System Checkpoint
RP499: 23/10/2011 10:00:33 - System Checkpoint
RP500: 24/10/2011 11:09:27 - System Checkpoint
RP501: 25/10/2011 12:44:06 - System Checkpoint
RP502: 26/10/2011 12:51:19 - System Checkpoint
RP503: 27/10/2011 14:38:42 - System Checkpoint
RP504: 28/10/2011 15:01:19 - System Checkpoint
RP505: 29/10/2011 15:41:56 - System Checkpoint
RP506: 30/10/2011 14:43:47 - System Checkpoint
RP507: 31/10/2011 15:23:01 - System Checkpoint
RP508: 01/11/2011 16:00:10 - System Checkpoint
RP509: 02/11/2011 16:13:31 - System Checkpoint
RP510: 03/11/2011 16:55:27 - System Checkpoint
RP511: 04/11/2011 17:22:43 - System Checkpoint
RP512: 05/11/2011 17:53:03 - System Checkpoint
RP513: 06/11/2011 18:02:16 - System Checkpoint
RP514: 07/11/2011 18:53:18 - System Checkpoint
RP515: 08/11/2011 22:22:43 - System Checkpoint
RP516: 10/11/2011 11:48:19 - System Checkpoint
RP517: 11/11/2011 13:21:17 - System Checkpoint
RP518: 12/11/2011 13:38:33 - System Checkpoint
RP519: 13/11/2011 18:37:01 - System Checkpoint
RP520: 14/11/2011 19:04:21 - System Checkpoint
RP521: 15/11/2011 20:36:47 - System Checkpoint
RP522: 16/11/2011 21:41:36 - System Checkpoint
RP523: 17/11/2011 22:12:07 - System Checkpoint
RP524: 18/11/2011 01:14:35 - Software Distribution Service 3.0
RP525: 19/11/2011 10:59:40 - System Checkpoint
RP526: 19/11/2011 19:15:42 - Installed Windows XP KB915865.
RP527: 19/11/2011 19:17:05 - Installed Windows NLSDownlevelMapping.
RP528: 19/11/2011 19:17:56 - Installed Windows IDNMitigationAPIs.
RP529: 19/11/2011 19:18:33 - Installed Windows Internet Explorer 7.
RP530: 19/11/2011 22:00:54 - Installed Windows Internet Explorer 8.
RP531: 19/11/2011 22:03:46 - Software Distribution Service 3.0
RP532: 20/11/2011 22:51:34 - System Checkpoint
RP533: 21/11/2011 23:26:25 - Installed Ad-Aware
RP534: 21/11/2011 23:29:57 - Installed Ad-Aware
RP535: 22/11/2011 23:59:43 - System Checkpoint
RP536: 24/11/2011 07:41:34 - System Checkpoint
RP537: 26/11/2011 14:51:36 - System Checkpoint
RP538: 28/11/2011 10:38:26 - System Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware
Adobe Acrobat 3.01
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Anquet Maps v06
Avira AntiVir Personal - Free Antivirus
BT Broadband Desktop Help
BTHomeHub
Cable-Mate 3.7
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
EPSON Attach To Email
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON Printer Software
EPSON Scan Assistant
ESPR265_270 User's Guide
GoToAssist Corporate
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java™ 6 Update 20
KeyCAD Deluxe 3.0
Lotus SmartSuite - English
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Project 98
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.24)
Mozilla Thunderbird (3.1.7)
MSVC80_x86_v2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
PC Connectivity Solution
QuickTime 3.0
QuickTime for Windows (32-bit)
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981350)
Spybot - Search & Destroy
SUPERAntiSpyware
The DVD-ROM Guide to All the Birds of Europe
Total Recorder 8.0
TurboCAD Deluxe 17
TurboCAD Symbols
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
.
==== Event Viewer Messages From Past Week ========
.
22/11/2011 16:59:07, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
21/11/2011 01:15:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ServiceLayer service to connect.
21/11/2011 01:15:33, error: Service Control Manager [7000] - The ServiceLayer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
21/11/2011 01:15:33, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
21/11/2011 00:57:41, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
.
==== End Of File ===========================

RKUnHooker:

Downloaded to desktop. Ran Scan successfully within Report with only Drivers and Stealth checked. Log below.

Start of log from RKUnHooker:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4276224 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 56.73 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xF7B52000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1900544 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 )
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7984000 C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF78DC000 C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF83A3000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF64EC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF77A5000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xF65F2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF47B2000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF4116000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7A83000 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF77FE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF84E7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF8376000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF48D1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF2947000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF655B000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF65CA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6425000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF8491000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF7AFA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF34DE000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7AD7000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF78A5000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF65A8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6586000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF6404000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xF8459000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7B1E000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF84B7000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7AB9000 C:\WINDOWS\system32\drivers\TotRec8.sys 122880 bytes (High Criteria inc., Total Recorder WDM audio filter driver (Professional Edition))
0xF835B000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8479000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF63C4000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF5305000 C:\WINDOWS\system32\DRIVERS\nbf.sys 98304 bytes (Microsoft Corporation, NetBEUI Frames Protocol Driver)
0xF536D000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0xF8430000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7868000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF451D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF78C8000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7B3E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EC000 ACPI_HAL 81280 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 81280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF664A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF8447000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84D6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7857000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF8786000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF85E6000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7D32000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8716000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7D42000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF85A6000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF8546000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8616000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF4891000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8686000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8556000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF8606000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8596000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7D22000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8626000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8576000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8646000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF85B6000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF85F6000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8566000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8636000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7D52000 C:\WINDOWS\system32\drivers\es1371mp.sys 40960 bytes (Creative Technology Ltd., ENSONIQ AudioPCI 97 WDM Audio Miniport)
0xF8696000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8676000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF34BE000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF8586000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF86E6000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8746000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8536000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8656000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF86D6000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7D62000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF8706000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8846000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF88B6000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF884E000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF889E000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF87FE000 C:\DOCUME~1\BCWork\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF87B6000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8856000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF885E000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF88C6000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF88BE000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF88A6000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF888E000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF88AE000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87BE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF887E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8886000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF886E000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8866000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF88F6000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8A02000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF89CE000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF8337000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF53A8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8A0E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF8946000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7795000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF89CA000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF89FE000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF5229000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF8A1A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF89DE000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A78000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8A70000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A3C000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF8A92000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A6E000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A3A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A36000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A72000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A6C000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A7A000 C:\WINDOWS\system32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xF8A74000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A64000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A66000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A38000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8B5F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8BF1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8C75000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================

End of log from RKUnHooker:

The Report tab log of RKUnHooker included the words "Nothing detected :(" in the Stealth section. But these did not appear in the log saved to the desktop.

Since my origninal post, I have encountered one addition Malware event. Avira spotted and quarantined EXP/Pidief.aik.1 within c:\D&S\%user%\L S\T\plugtemp-27\.

Kind regards


Brawgates

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 11:39 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 01:56 PM

Gringo

Thanks for your very quick response.

I've now downloaded Combofix to the desktop and run it to a successful conclusion. I was not asked to reboot during the Combofix run, and have not rebooted since.

Start of Combofix log
ComboFix 11-11-28.02 - BCWork 28/11/2011 17:44:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.337 [GMT 0:00]
Running from: c:\documents and settings\BCWork\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Avira\AntiVir Desktop\AntiVir Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Avira\AntiVir Desktop\AntiVir on the Internet.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Avira\AntiVir Desktop\Display readme.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Avira\AntiVir Desktop\Start AntiVir.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Lavasoft\Ad-Aware\Ad-Aware Manual.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Lavasoft\Ad-Aware\Ad-Aware Update.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Lavasoft\Ad-Aware\Ad-Aware.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Lavasoft\Ad-Aware\Lavasoft Homepage.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Lavasoft\Ad-Aware\Toolbox\ThreatWork.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Lavasoft\Ad-Aware\Uninstall Ad-Aware.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Spybot - Search & Destroy\File Shredder.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Spybot - Search & Destroy\Tutorial.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\Spybot - Search & Destroy\Update Spybot-S&D.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\SUPERAntiSpyware\BootSafe.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiMalware\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk
c:\documents and settings\Peter\WINDOWS
c:\windows\system32\components
c:\windows\system32\components\browser.xpt
c:\windows\system32\components\browserdirprovider.dll
c:\windows\system32\components\brwsrcmp.dll
c:\windows\system32\components\components.list
c:\windows\system32\components\FeedConverter.js
c:\windows\system32\components\FeedProcessor.js
c:\windows\system32\components\FeedWriter.js
c:\windows\system32\components\fuelApplication.js
c:\windows\system32\components\GPSDGeolocationProvider.js
c:\windows\system32\components\jsconsole-clhandler.js
c:\windows\system32\components\NetworkGeolocationProvider.js
c:\windows\system32\components\nsAddonRepository.js
c:\windows\system32\components\nsBadCertHandler.js
c:\windows\system32\components\nsBlocklistService.js
c:\windows\system32\components\nsBrowserContentHandler.js
c:\windows\system32\components\nsBrowserGlue.js
c:\windows\system32\components\nsContentDispatchChooser.js
c:\windows\system32\components\nsContentPrefService.js
c:\windows\system32\components\nsDefaultCLH.js
c:\windows\system32\components\nsDownloadManagerUI.js
c:\windows\system32\components\nsExtensionManager.js
c:\windows\system32\components\nsFormAutoComplete.js
c:\windows\system32\components\nsHandlerService.js
c:\windows\system32\components\nsHelperAppDlg.js
c:\windows\system32\components\nsINIProcessor.js
c:\windows\system32\components\nsLivemarkService.js
c:\windows\system32\components\nsLoginInfo.js
c:\windows\system32\components\nsLoginManager.js
c:\windows\system32\components\nsLoginManagerPrompter.js
c:\windows\system32\components\nsMicrosummaryService.js
c:\windows\system32\components\nsPlacesAutoComplete.js
c:\windows\system32\components\nsPlacesDBFlush.js
c:\windows\system32\components\nsPlacesTransactionsService.js
c:\windows\system32\components\nsPrivateBrowsingService.js
c:\windows\system32\components\nsProxyAutoConfig.js
c:\windows\system32\components\nsSafebrowsingApplication.js
c:\windows\system32\components\nsSearchService.js
c:\windows\system32\components\nsSearchSuggestions.js
c:\windows\system32\components\nsSessionStartup.js
c:\windows\system32\components\nsSessionStore.js
c:\windows\system32\components\nsSetDefaultBrowser.js
c:\windows\system32\components\nsSidebar.js
c:\windows\system32\components\nsTaggingService.js
c:\windows\system32\components\nsTryToClose.js
c:\windows\system32\components\nsUpdateService.js
c:\windows\system32\components\nsUpdateServiceStub.js
c:\windows\system32\components\nsUpdateTimerManager.js
c:\windows\system32\components\nsUrlClassifierLib.js
c:\windows\system32\components\nsUrlClassifierListManager.js
c:\windows\system32\components\nsURLFormatter.js
c:\windows\system32\components\nsWebHandlerApp.js
c:\windows\system32\components\pluginGlue.js
c:\windows\system32\components\storage-Legacy.js
c:\windows\system32\components\storage-mozStorage.js
c:\windows\system32\components\txEXSLTRegExFunctions.js
c:\windows\system32\components\WebContentConverter.js
c:\windows\system32\ReadMe.txt
c:\windows\system32\res
c:\windows\system32\res\arrow.gif
c:\windows\system32\res\arrowd.gif
c:\windows\system32\res\broken-image.png
c:\windows\system32\res\charsetalias.properties
c:\windows\system32\res\charsetData.properties
c:\windows\system32\res\contenteditable.css
c:\windows\system32\res\designmode.css
c:\windows\system32\res\dtd\mathml.dtd
c:\windows\system32\res\dtd\xhtml11.dtd
c:\windows\system32\res\EditorOverride.css
c:\windows\system32\res\entityTables\html40Latin1.properties
c:\windows\system32\res\entityTables\html40Special.properties
c:\windows\system32\res\entityTables\html40Symbols.properties
c:\windows\system32\res\entityTables\htmlEntityVersions.properties
c:\windows\system32\res\entityTables\mathml20.properties
c:\windows\system32\res\entityTables\transliterate.properties
c:\windows\system32\res\fonts\mathfont.properties
c:\windows\system32\res\fonts\mathfontStandardSymbolsL.properties
c:\windows\system32\res\fonts\mathfontSTIXNonUnicode.properties
c:\windows\system32\res\fonts\mathfontSTIXSize1.properties
c:\windows\system32\res\fonts\mathfontSymbol.properties
c:\windows\system32\res\fonts\mathfontUnicode.properties
c:\windows\system32\res\forms.css
c:\windows\system32\res\grabber.gif
c:\windows\system32\res\hiddenWindow.html
c:\windows\system32\res\html.css
c:\windows\system32\res\html\folder.png
c:\windows\system32\res\langGroups.properties
c:\windows\system32\res\language.properties
c:\windows\system32\res\loading-image.png
c:\windows\system32\res\mathml.css
c:\windows\system32\res\quirk.css
c:\windows\system32\res\svg.css
c:\windows\system32\res\table-add-column-after-active.gif
c:\windows\system32\res\table-add-column-after-hover.gif
c:\windows\system32\res\table-add-column-after.gif
c:\windows\system32\res\table-add-column-before-active.gif
c:\windows\system32\res\table-add-column-before-hover.gif
c:\windows\system32\res\table-add-column-before.gif
c:\windows\system32\res\table-add-row-after-active.gif
c:\windows\system32\res\table-add-row-after-hover.gif
c:\windows\system32\res\table-add-row-after.gif
c:\windows\system32\res\table-add-row-before-active.gif
c:\windows\system32\res\table-add-row-before-hover.gif
c:\windows\system32\res\table-add-row-before.gif
c:\windows\system32\res\table-remove-column-active.gif
c:\windows\system32\res\table-remove-column-hover.gif
c:\windows\system32\res\table-remove-column.gif
c:\windows\system32\res\table-remove-row-active.gif
c:\windows\system32\res\table-remove-row-hover.gif
c:\windows\system32\res\table-remove-row.gif
c:\windows\system32\res\ua.css
c:\windows\system32\res\viewsource.css
c:\windows\system32\res\wincharset.properties
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-22 16:30 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-11-22 16:29 . 2011-11-28 12:29 -------- d-----w- c:\documents and settings\BCWork
2011-11-21 23:30 . 2011-11-03 12:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-21 23:30 . 2011-11-21 23:30 -------- d-----w- c:\program files\Lavasoft
2011-11-21 00:16 . 2011-11-21 00:16 -------- d-----w- c:\documents and settings\Admin\Application Data\SUPERAntiSpyware.com
2011-11-20 01:34 . 2011-11-20 01:34 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2011-11-20 01:32 . 2011-11-20 01:32 -------- d-sh--w- c:\documents and settings\Admin\IETldCache
2011-11-19 23:41 . 2011-11-19 23:41 -------- d-sh--w- c:\documents and settings\Peter\PrivacIE
2011-11-19 23:39 . 2011-11-19 23:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-11-19 23:38 . 2011-11-19 23:38 -------- d-sh--w- c:\documents and settings\Peter\IETldCache
2011-11-19 21:57 . 2011-11-19 22:02 -------- dc-h--w- c:\windows\ie8
2011-11-19 21:52 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-11-19 21:52 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-11-19 21:52 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-11-19 18:59 . 2011-11-20 01:59 -------- d-----w- c:\documents and settings\Peter\Local SettingsTemp
2011-11-19 17:53 . 2011-11-19 18:57 -------- d-----w- c:\documents and settings\Peter\temp
2011-11-17 18:09 . 2011-11-17 18:09 -------- d-----w- c:\program files\CCleaner
2011-11-17 18:08 . 2011-11-17 18:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-11-17 18:08 . 2011-11-17 18:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2011-11-17 18:07 . 2011-11-18 09:18 -------- d-----w- c:\program files\Google
2011-11-17 18:07 . 2011-11-18 01:39 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2011-11-07 01:22 . 2011-11-07 01:18 2207744 ----a-w- c:\windows\system32\HomePlanet.scr
2011-11-02 09:34 . 2011-11-02 09:34 -------- d-----w- c:\windows\system32\LogFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 23:38 . 2010-05-16 10:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-31 16:00 . 2011-08-12 23:46 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-08 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Distiller Assistant 3.01.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Distiller Assistant 3.01.lnk
backup=c:\windows\pss\Distiller Assistant 3.01.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=c:\windows\pss\Lotus Organizer EasyClip.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Microsoft Office Shortcut Bar.lnk
backup=c:\windows\pss\Microsoft Office Shortcut Bar.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Peter^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Peter\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 23:56 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 11:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/11/2011 23:30 64512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/05/2010 06:31 136360]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [17/02/2011 23:38 90192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/11/2011 12:06 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [03/11/2011 12:06 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BlackBox
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 12:06]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\BCWork\Application Data\Mozilla\Firefox\Profiles\1yqjv1s9.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 17:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-28 18:04:01
ComboFix-quarantined-files.txt 2011-11-28 18:03
.
Pre-Run: 23,559,196,672 bytes free
Post-Run: 23,611,338,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 65B9BCB14914E3F74C0C8E612AE70BB3
I checked for redirects in a Firefox/Bing envirnoment and found that they continue. Usually Back from a redirect returns the screen to the Bing searchlist, but with the colour of the selected item in the search list unchanged. Occasionally Back results in a Popup asking "Are you sure you want to navigate away from this page?"

Regards

Brawgates

#6 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 02:12 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 04:57 PM

Gringo

TDSSKiller downloaded to Desktop and run as requested.

Copy of TDSSKiller report

21:19:52.0456 1080 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:19:52.0796 1080 ============================================================
21:19:52.0796 1080 Current date / time: 2011/11/28 21:19:52.0796
21:19:52.0796 1080 SystemInfo:
21:19:52.0796 1080
21:19:52.0796 1080 OS Version: 5.1.2600 ServicePack: 2.0
21:19:52.0796 1080 Product type: Workstation
21:19:52.0796 1080 ComputerName: PAVILION
21:19:52.0796 1080 UserName: BCWork
21:19:52.0796 1080 Windows directory: C:\WINDOWS
21:19:52.0796 1080 System windows directory: C:\WINDOWS
21:19:52.0796 1080 Processor architecture: Intel x86
21:19:52.0796 1080 Number of processors: 1
21:19:52.0796 1080 Page size: 0x1000
21:19:52.0796 1080 Boot type: Normal boot
21:19:52.0796 1080 ============================================================
21:19:56.0071 1080 Initialize success
21:20:04.0032 1768 ============================================================
21:20:04.0032 1768 Scan started
21:20:04.0032 1768 Mode: Manual;
21:20:04.0032 1768 ============================================================
21:20:05.0234 1768 Abiosdsk - ok
21:20:05.0274 1768 abp480n5 - ok
21:20:05.0364 1768 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:20:05.0364 1768 ACPI - ok
21:20:05.0464 1768 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:20:05.0494 1768 ACPIEC - ok
21:20:05.0605 1768 adpu160m - ok
21:20:05.0695 1768 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
21:20:05.0765 1768 aec - ok
21:20:05.0935 1768 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:20:05.0985 1768 AFD - ok
21:20:06.0155 1768 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:20:06.0165 1768 agp440 - ok
21:20:06.0205 1768 Aha154x - ok
21:20:06.0235 1768 aic78u2 - ok
21:20:06.0266 1768 aic78xx - ok
21:20:06.0306 1768 AliIde - ok
21:20:06.0336 1768 amsint - ok
21:20:06.0466 1768 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:20:06.0516 1768 Arp1394 - ok
21:20:06.0626 1768 asc - ok
21:20:06.0666 1768 asc3350p - ok
21:20:06.0706 1768 asc3550 - ok
21:20:06.0826 1768 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:20:06.0836 1768 AsyncMac - ok
21:20:07.0007 1768 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:20:07.0017 1768 atapi - ok
21:20:07.0057 1768 Atdisk - ok
21:20:07.0127 1768 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:20:07.0157 1768 Atmarpc - ok
21:20:07.0327 1768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:20:07.0387 1768 audstub - ok
21:20:07.0537 1768 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:20:07.0617 1768 avgio - ok
21:20:07.0808 1768 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:20:07.0808 1768 avgntflt - ok
21:20:07.0868 1768 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:20:07.0918 1768 avipbb - ok
21:20:08.0088 1768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:20:08.0118 1768 Beep - ok
21:20:08.0359 1768 catchme - ok
21:20:08.0509 1768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:20:08.0539 1768 cbidf2k - ok
21:20:08.0659 1768 cd20xrnt - ok
21:20:08.0939 1768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:20:08.0989 1768 Cdaudio - ok
21:20:09.0160 1768 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:20:09.0160 1768 Cdfs - ok
21:20:09.0240 1768 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:20:09.0300 1768 Cdrom - ok
21:20:09.0420 1768 Changer - ok
21:20:09.0500 1768 CmdIde - ok
21:20:09.0560 1768 Cpqarray - ok
21:20:09.0761 1768 cpuz132 - ok
21:20:09.0871 1768 dac2w2k - ok
21:20:09.0911 1768 dac960nt - ok
21:20:10.0011 1768 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:20:10.0021 1768 Disk - ok
21:20:10.0171 1768 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
21:20:10.0281 1768 dmboot - ok
21:20:10.0452 1768 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
21:20:10.0462 1768 dmio - ok
21:20:10.0532 1768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:20:10.0532 1768 dmload - ok
21:20:10.0682 1768 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:20:10.0782 1768 DMusic - ok
21:20:10.0902 1768 dpti2o - ok
21:20:11.0062 1768 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:20:11.0092 1768 drmkaud - ok
21:20:11.0283 1768 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
21:20:11.0323 1768 es1371 - ok
21:20:11.0533 1768 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:20:11.0533 1768 Fastfat - ok
21:20:11.0593 1768 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:20:11.0653 1768 Fdc - ok
21:20:11.0854 1768 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
21:20:11.0894 1768 Fips - ok
21:20:12.0054 1768 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:20:12.0094 1768 Flpydisk - ok
21:20:12.0274 1768 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:20:12.0274 1768 FltMgr - ok
21:20:12.0444 1768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:20:12.0484 1768 Fs_Rec - ok
21:20:12.0655 1768 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:20:12.0655 1768 Ftdisk - ok
21:20:12.0765 1768 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:20:12.0805 1768 gameenum - ok
21:20:12.0965 1768 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:20:13.0035 1768 Gpc - ok
21:20:13.0216 1768 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:20:13.0266 1768 HidUsb - ok
21:20:13.0376 1768 hpn - ok
21:20:13.0476 1768 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
21:20:13.0546 1768 HSFHWBS2 - ok
21:20:13.0917 1768 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
21:20:14.0127 1768 HSF_DP - ok
21:20:14.0347 1768 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
21:20:14.0417 1768 HTTP - ok
21:20:14.0537 1768 i2omgmt - ok
21:20:14.0577 1768 i2omp - ok
21:20:14.0738 1768 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:20:14.0798 1768 i8042prt - ok
21:20:14.0978 1768 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:20:15.0028 1768 Imapi - ok
21:20:15.0138 1768 ini910u - ok
21:20:15.0238 1768 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:20:15.0238 1768 IntelIde - ok
21:20:15.0339 1768 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:20:15.0359 1768 Ip6Fw - ok
21:20:15.0519 1768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:20:15.0549 1768 IpFilterDriver - ok
21:20:15.0709 1768 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:20:15.0749 1768 IpInIp - ok
21:20:15.0919 1768 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:20:15.0969 1768 IpNat - ok
21:20:16.0140 1768 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:20:16.0190 1768 IPSec - ok
21:20:16.0340 1768 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:20:16.0360 1768 IRENUM - ok
21:20:16.0530 1768 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:20:16.0530 1768 isapnp - ok
21:20:16.0630 1768 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:20:16.0670 1768 Kbdclass - ok
21:20:16.0841 1768 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:20:16.0881 1768 kbdhid - ok
21:20:17.0051 1768 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
21:20:17.0121 1768 kmixer - ok
21:20:17.0291 1768 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
21:20:17.0301 1768 KSecDD - ok
21:20:17.0502 1768 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
21:20:17.0552 1768 Lavasoft Kernexplorer - ok
21:20:17.0732 1768 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:20:17.0732 1768 Lbd - ok
21:20:17.0782 1768 lbrtfdc - ok
21:20:17.0902 1768 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:20:17.0942 1768 mdmxsdk - ok
21:20:18.0113 1768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:20:18.0143 1768 mnmdd - ok
21:20:18.0323 1768 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
21:20:18.0363 1768 Modem - ok
21:20:18.0523 1768 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
21:20:18.0563 1768 MODEMCSA - ok
21:20:18.0723 1768 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:18.0764 1768 Mouclass - ok
21:20:18.0934 1768 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:18.0944 1768 MountMgr - ok
21:20:18.0974 1768 mraid35x - ok
21:20:19.0154 1768 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
21:20:19.0184 1768 MREMP50 - ok
21:20:19.0194 1768 MREMPR5 - ok
21:20:19.0234 1768 MRENDIS5 - ok
21:20:19.0304 1768 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
21:20:19.0344 1768 MRESP50 - ok
21:20:19.0535 1768 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:19.0535 1768 MRxDAV - ok
21:20:19.0675 1768 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:19.0705 1768 MRxSmb - ok
21:20:19.0865 1768 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:20:19.0865 1768 Msfs - ok
21:20:19.0955 1768 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:19.0975 1768 MSKSSRV - ok
21:20:20.0135 1768 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:20.0156 1768 MSPCLOCK - ok
21:20:20.0316 1768 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:20.0336 1768 MSPQM - ok
21:20:20.0496 1768 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:20.0546 1768 mssmbios - ok
21:20:20.0716 1768 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
21:20:20.0726 1768 Mup - ok
21:20:20.0816 1768 Nbf (c087dd7fa47c4a43683df764fbfa30a7) C:\WINDOWS\system32\DRIVERS\nbf.sys
21:20:20.0877 1768 Nbf - ok
21:20:21.0047 1768 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:20:21.0057 1768 NDIS - ok
21:20:21.0157 1768 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:21.0197 1768 NdisTapi - ok
21:20:21.0367 1768 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:21.0407 1768 Ndisuio - ok
21:20:21.0588 1768 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:21.0648 1768 NdisWan - ok
21:20:21.0818 1768 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:21.0858 1768 NDProxy - ok
21:20:22.0028 1768 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:22.0028 1768 NetBIOS - ok
21:20:22.0078 1768 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:22.0148 1768 NetBT - ok
21:20:22.0329 1768 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:20:22.0369 1768 NIC1394 - ok
21:20:22.0539 1768 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:20:22.0539 1768 Npfs - ok
21:20:22.0659 1768 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:22.0689 1768 Ntfs - ok
21:20:22.0839 1768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:20:22.0869 1768 Null - ok
21:20:23.0150 1768 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:20:23.0430 1768 nv - ok
21:20:23.0641 1768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:23.0691 1768 NwlnkFlt - ok
21:20:23.0851 1768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:23.0881 1768 NwlnkFwd - ok
21:20:24.0081 1768 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:20:24.0081 1768 ohci1394 - ok
21:20:24.0342 1768 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
21:20:24.0422 1768 Parport - ok
21:20:24.0672 1768 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:24.0672 1768 PartMgr - ok
21:20:24.0822 1768 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:20:24.0852 1768 ParVdm - ok
21:20:25.0012 1768 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:20:25.0053 1768 pccsmcfd - ok
21:20:25.0223 1768 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
21:20:25.0223 1768 PCI - ok
21:20:25.0263 1768 PCIDump - ok
21:20:25.0303 1768 PCIIde - ok
21:20:25.0383 1768 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:20:25.0423 1768 Pcmcia - ok
21:20:25.0543 1768 PDCOMP - ok
21:20:25.0573 1768 PDFRAME - ok
21:20:25.0744 1768 PDRELI - ok
21:20:25.0764 1768 PDRFRAME - ok
21:20:25.0794 1768 perc2 - ok
21:20:25.0814 1768 perc2hib - ok
21:20:25.0934 1768 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\WINDOWS\system32\drivers\pmemnt.sys
21:20:25.0974 1768 PMEM - ok
21:20:26.0154 1768 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:20:26.0214 1768 PptpMiniport - ok
21:20:26.0374 1768 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
21:20:26.0415 1768 Processor - ok
21:20:26.0595 1768 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
21:20:26.0785 1768 PSched - ok
21:20:26.0945 1768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:20:26.0995 1768 Ptilink - ok
21:20:27.0116 1768 ql1080 - ok
21:20:27.0156 1768 Ql10wnt - ok
21:20:27.0186 1768 ql12160 - ok
21:20:27.0206 1768 ql1240 - ok
21:20:27.0236 1768 ql1280 - ok
21:20:27.0586 1768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:20:27.0726 1768 RasAcd - ok
21:20:28.0277 1768 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:20:28.0337 1768 Rasl2tp - ok
21:20:28.0508 1768 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:20:28.0548 1768 RasPppoe - ok
21:20:28.0868 1768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:20:28.0918 1768 Raspti - ok
21:20:29.0088 1768 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:20:29.0098 1768 Rdbss - ok
21:20:29.0199 1768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:20:29.0239 1768 RDPCDD - ok
21:20:29.0419 1768 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:20:29.0489 1768 rdpdr - ok
21:20:29.0639 1768 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
21:20:29.0669 1768 RDPWD - ok
21:20:29.0849 1768 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:20:29.0900 1768 redbook - ok
21:20:30.0110 1768 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
21:20:30.0150 1768 RTL8023xp - ok
21:20:30.0310 1768 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
21:20:30.0340 1768 rtl8139 - ok
21:20:30.0500 1768 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:20:30.0560 1768 SASDIFSV - ok
21:20:30.0821 1768 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:20:30.0871 1768 SASKUTIL - ok
21:20:31.0071 1768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:20:31.0111 1768 Secdrv - ok
21:20:31.0292 1768 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:20:31.0332 1768 serenum - ok
21:20:31.0502 1768 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
21:20:31.0552 1768 Serial - ok
21:20:31.0782 1768 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:20:31.0812 1768 Sfloppy - ok
21:20:31.0932 1768 Simbad - ok
21:20:31.0983 1768 Sparrow - ok
21:20:32.0063 1768 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
21:20:32.0103 1768 splitter - ok
21:20:32.0283 1768 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
21:20:32.0283 1768 sr - ok
21:20:32.0383 1768 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
21:20:32.0413 1768 Srv - ok
21:20:32.0583 1768 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:20:32.0714 1768 ssmdrv - ok
21:20:32.0884 1768 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:20:32.0924 1768 StillCam - ok
21:20:33.0094 1768 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:20:33.0134 1768 swenum - ok
21:20:33.0304 1768 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:20:33.0344 1768 swmidi - ok
21:20:33.0465 1768 symc810 - ok
21:20:33.0505 1768 symc8xx - ok
21:20:33.0535 1768 sym_hi - ok
21:20:33.0555 1768 sym_u3 - ok
21:20:33.0635 1768 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:20:33.0685 1768 sysaudio - ok
21:20:33.0885 1768 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:20:34.0055 1768 Tcpip - ok
21:20:34.0186 1768 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:20:34.0236 1768 TDPIPE - ok
21:20:34.0396 1768 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
21:20:34.0416 1768 TDTCP - ok
21:20:34.0586 1768 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:20:34.0716 1768 TermDD - ok
21:20:34.0847 1768 TosIde - ok
21:20:34.0947 1768 TotRec8 (6d7eb4aab1a31ad47957e97abd849dc8) C:\WINDOWS\system32\drivers\TotRec8.sys
21:20:35.0017 1768 TotRec8 - ok
21:20:35.0177 1768 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
21:20:35.0207 1768 Udfs - ok
21:20:35.0327 1768 ultra - ok
21:20:35.0437 1768 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
21:20:35.0558 1768 Update - ok
21:20:35.0738 1768 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:20:35.0778 1768 usbhub - ok
21:20:35.0948 1768 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:20:35.0998 1768 usbprint - ok
21:20:36.0149 1768 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:20:36.0189 1768 usbscan - ok
21:20:36.0349 1768 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:20:36.0379 1768 USBSTOR - ok
21:20:36.0549 1768 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:20:36.0749 1768 usbuhci - ok
21:20:36.0910 1768 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
21:20:36.0970 1768 VgaSave - ok
21:20:37.0080 1768 ViaIde - ok
21:20:37.0170 1768 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
21:20:37.0180 1768 VolSnap - ok
21:20:37.0270 1768 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:20:37.0300 1768 Wanarp - ok
21:20:37.0420 1768 WDICA - ok
21:20:37.0520 1768 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:37.0571 1768 wdmaud - ok
21:20:37.0781 1768 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
21:20:37.0961 1768 winachsf - ok
21:20:38.0131 1768 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:20:38.0332 1768 \Device\Harddisk0\DR0 - ok
21:20:38.0352 1768 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:20:38.0362 1768 \Device\Harddisk1\DR1 - ok
21:20:38.0372 1768 Boot (0x1200) (a44061e7980b3dfb4b41aa0bf6d4a21f) \Device\Harddisk0\DR0\Partition0
21:20:38.0382 1768 \Device\Harddisk0\DR0\Partition0 - ok
21:20:38.0392 1768 Boot (0x1200) (22680d4ec9c76df41ba693140eae1759) \Device\Harddisk1\DR1\Partition0
21:20:38.0392 1768 \Device\Harddisk1\DR1\Partition0 - ok
21:20:38.0422 1768 Boot (0x1200) (1dee8e76106a58a9fac3f1025f3bd32d) \Device\Harddisk1\DR1\Partition1
21:20:38.0422 1768 \Device\Harddisk1\DR1\Partition1 - ok
21:20:38.0432 1768 ============================================================
21:20:38.0432 1768 Scan finished
21:20:38.0432 1768 ============================================================
21:20:38.0452 3736 Detected object count: 0
21:20:38.0452 3736 Actual detected object count: 0

Regards

Brawgates

#8 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 05:02 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 05:17 PM

Gringo

When I started aswMBR, a popup suggested downloading AVAST! for better detection. Is this a YES?

Regards

Peter

#10 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 05:26 PM

yes that is fine


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 05:45 PM

Gringo

Copy of aswMBR log

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-28 22:12:02
-----------------------------
22:12:02.997 OS Version: Windows 5.1.2600 Service Pack 2
22:12:02.997 Number of processors: 1 586 0xA
22:12:02.997 ComputerName: PAVILION UserName: BCWork
22:12:03.788 Initialize success
22:32:36.000 AVAST engine defs: 11112802
22:33:14.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
22:33:14.976 Disk 0 Vendor: ST340810A 3.34 Size: 38166MB BusType: 3
22:33:15.006 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
22:33:15.006 Disk 1 Vendor: Maxtor_6Y120P0 YAR41BW0 Size: 117246MB BusType: 3
22:33:17.029 Disk 0 MBR read successfully
22:33:17.029 Disk 0 MBR scan
22:33:17.199 Disk 0 Windows XP default MBR code
22:33:17.199 Disk 0 scanning sectors +78140160
22:33:17.460 Disk 0 scanning C:\WINDOWS\system32\drivers
22:33:32.371 Service scanning
22:33:33.803 Modules scanning
22:33:55.094 Disk 0 trace - called modules:
22:33:55.114 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:33:55.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8239dab8]
22:33:55.444 3 CLASSPNP.SYS[f859705b] -> nt!IofCallDriver -> \Device\00000064[0x823a29e8]
22:33:55.444 5 ACPI.sys[f84ed620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8237fd98]
22:33:56.426 AVAST engine scan C:\WINDOWS
22:34:06.661 AVAST engine scan C:\WINDOWS\system32
22:37:28.991 AVAST engine scan C:\WINDOWS\system32\drivers
22:37:47.288 AVAST engine scan C:\Documents and Settings\BCWork
22:38:16.640 AVAST engine scan C:\Documents and Settings\All Users
22:38:55.135 Scan finished successfully
22:39:19.130 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BCWork\Desktop\MBR.dat"
22:39:19.170 The log file has been saved successfully to "C:\Documents and Settings\BCWork\Desktop\aswMBR.txt"
Peter

#12 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 05:51 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 06:23 PM

Gringo

OTL downloaded and options set as you specified before running from the desktop.

A copy of OTL.txt follows below:

Regards

Peter



OTL logfile created on: 28/11/2011 23:01:58 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\BCWork\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.46 Mb Total Physical Memory | 255.91 Mb Available Physical Memory | 50.03% Memory free
1.22 Gb Paging File | 0.73 Gb Available in Paging File | 59.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.83 Gb Free Space | 58.60% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 27.97 Gb Free Space | 47.73% Space Free | Partition Type: NTFS
Drive E: | 55.90 Gb Total Space | 45.16 Gb Free Space | 80.79% Space Free | Partition Type: NTFS

Computer Name: PAVILION | User Name: BCWork | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BCWork\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Documents and Settings\Peter\Local Settings\Application Data\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\WINWORD.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\js3250.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Program Files\Common Files\Microsoft Shared\VBA\VBE.DLL ()
MOD - C:\Program Files\Microsoft Office\Office\DISTMON.DLL ()
MOD - C:\Program Files\Microsoft Office\Office\WINWORD.EXE ()
MOD - C:\Program Files\Microsoft Office\Office\WWINTL32.DLL ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Proof\MSSP232.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Nbf) -- C:\WINDOWS\system32\drivers\NBF.SYS (Microsoft Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (TotRec8) -- C:\WINDOWS\system32\drivers\TotRec8.sys (High Criteria inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-1202660629-1900996195-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-823518204-1202660629-1900996195-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 75 59 C8 4D A9 CC 01 [binary data]
IE - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/03/19 08:04:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 16:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 00:45:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/29 19:56:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/22 16:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCWork\Application Data\Mozilla\Extensions
[2011/11/28 15:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BCWork\Application Data\Mozilla\Firefox\Profiles\1yqjv1s9.default\extensions
[2011/11/28 12:25:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BCWork\Application Data\Mozilla\Firefox\Profiles\1yqjv1s9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/27 11:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/19 08:04:31 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2011/10/27 16:17:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/27 16:17:25 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/27 16:17:26 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/27 16:17:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/11/28 17:58:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003..\Run: [{6FA87BC6-C067-83E6-FD5E-C4C61205DD86}] C:\Documents and Settings\Peter\Application Data\Enab\argyka.exe ()
O4 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003..\Run: [advEventmm] C:\Documents and Settings\Peter\Local Settings\Application Data\DRMmappnp\advEventmm.dll ()
O4 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O4 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-1202660629-1900996195-1071\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E0E0E42-A93E-4E1E-9BF5-68F530998DC9}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/11 00:10:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/28 22:59:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BCWork\Desktop\OTL.exe
[2011/11/28 22:11:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\BCWork\Desktop\aswMBR.exe
[2011/11/28 21:23:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/28 21:22:49 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\BCWork\Desktop\tdsskiller.exe
[2011/11/28 18:04:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/28 17:40:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/28 17:37:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 17:37:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 17:37:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 17:37:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 17:37:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 17:36:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 17:32:14 | 004,310,219 | R--- | C] (Swearware) -- C:\Documents and Settings\BCWork\Desktop\ComboFix.exe
[2011/11/28 15:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Application Data\Avira
[2011/11/28 12:32:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\BCWork\Desktop\dds.scr
[2011/11/22 19:35:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Application Data\Macromedia
[2011/11/22 19:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Application Data\Adobe
[2011/11/22 19:34:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\BCWork\PrivacIE
[2011/11/22 16:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Desktop\gmer
[2011/11/22 16:38:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\My Documents\My Videos
[2011/11/22 16:38:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\Start Menu\Programs\Administrative Tools
[2011/11/22 16:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\My Documents\Downloads
[2011/11/22 16:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Local Settings\Application Data\Mozilla
[2011/11/22 16:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Application Data\Mozilla
[2011/11/22 16:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Application Data\Identities
[2011/11/22 16:29:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\My Documents\My Music
[2011/11/22 16:29:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\BCWork\IETldCache
[2011/11/22 16:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Application Data\PC Suite
[2011/11/22 16:29:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\BCWork\Application Data\Microsoft
[2011/11/22 16:29:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BCWork\SendTo
[2011/11/22 16:29:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BCWork\Recent
[2011/11/22 16:29:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BCWork\Application Data
[2011/11/22 16:29:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\Start Menu\Programs\Startup
[2011/11/22 16:29:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\Start Menu
[2011/11/22 16:29:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\My Documents\My Pictures
[2011/11/22 16:29:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\My Documents
[2011/11/22 16:29:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\Favorites
[2011/11/22 16:29:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\BCWork\Start Menu\Programs\Accessories
[2011/11/22 16:29:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\BCWork\Cookies
[2011/11/22 16:29:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BCWork\Templates
[2011/11/22 16:29:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BCWork\PrintHood
[2011/11/22 16:29:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BCWork\NetHood
[2011/11/22 16:29:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\BCWork\Local Settings
[2011/11/22 16:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Local Settings\Application Data\Microsoft
[2011/11/22 16:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BCWork\Desktop
[2011/11/22 16:19:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\BCWork\Desktop\dds.1st.scr
[2011/11/21 23:30:42 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/11/21 23:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/19 22:05:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/11/19 21:57:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/11/19 21:52:22 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/11/17 18:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/17 18:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/17 18:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/11/17 18:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/11/15 13:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/11/02 09:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/28 22:59:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BCWork\Desktop\OTL.exe
[2011/11/28 22:42:50 | 000,008,536 | ---- | M] () -- C:\WINDOWS\BCWork8.xlb
[2011/11/28 22:39:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\BCWork\Desktop\MBR.dat
[2011/11/28 22:11:34 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\BCWork\Desktop\aswMBR.exe
[2011/11/28 21:22:52 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\BCWork\Desktop\tdsskiller.exe
[2011/11/28 17:58:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 17:40:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/28 17:32:15 | 004,310,219 | R--- | M] (Swearware) -- C:\Documents and Settings\BCWork\Desktop\ComboFix.exe
[2011/11/28 15:41:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/28 15:41:00 | 536,379,392 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/28 12:58:59 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\BCWork\Desktop\RKUnhookerLE.EXE
[2011/11/28 12:32:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\BCWork\Desktop\dds.scr
[2011/11/28 12:29:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\BCWork\defogger_reenable
[2011/11/28 12:27:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\BCWork\Desktop\Defogger.exe
[2011/11/28 12:23:54 | 000,035,262 | ---- | M] () -- C:\WINDOWS\BCWork.acl
[2011/11/28 09:46:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/23 00:40:44 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/22 16:48:26 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\BCWork\Desktop\gmer.zip
[2011/11/22 16:30:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\BCWork\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/22 16:30:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\BCWork\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/22 16:19:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\BCWork\Desktop\dds.1st.scr
[2011/11/22 09:27:27 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/11/21 23:38:17 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/11/21 23:06:31 | 000,008,536 | ---- | M] () -- C:\WINDOWS\Admin8.xlb
[2011/11/21 00:56:20 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/19 22:02:49 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 01:18:28 | 002,207,744 | ---- | M] () -- C:\WINDOWS\System32\HomePlanet.scr
[2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/10/30 10:44:28 | 000,472,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 10:44:28 | 000,075,530 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/28 22:42:50 | 000,008,536 | ---- | C] () -- C:\WINDOWS\BCWork8.xlb
[2011/11/28 22:39:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\BCWork\Desktop\MBR.dat
[2011/11/28 17:40:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/28 17:40:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 17:37:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 17:37:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 17:37:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 17:37:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 17:37:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 12:58:59 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\BCWork\Desktop\RKUnhookerLE.EXE
[2011/11/28 12:29:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\BCWork\defogger_reenable
[2011/11/28 12:27:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\BCWork\Desktop\Defogger.exe
[2011/11/28 12:23:54 | 000,035,262 | ---- | C] () -- C:\WINDOWS\BCWork.acl
[2011/11/22 16:48:24 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\BCWork\Desktop\gmer.zip
[2011/11/22 16:30:36 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\BCWork\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/22 16:30:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\BCWork\Start Menu\Programs\Internet Explorer.lnk
[2011/11/22 16:30:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\BCWork\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/22 16:30:14 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\BCWork\Start Menu\Programs\Outlook Express.lnk
[2011/11/22 16:29:42 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\BCWork\Start Menu\Programs\Remote Assistance.lnk
[2011/11/22 16:29:42 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\BCWork\Start Menu\Programs\Windows Media Player.lnk
[2011/11/21 23:31:00 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/11/21 00:56:20 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/11/19 22:02:35 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/07 01:22:04 | 002,207,744 | ---- | C] () -- C:\WINDOWS\System32\HomePlanet.scr
[2011/10/14 11:39:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2011/10/14 11:36:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/03/05 19:37:35 | 000,000,707 | ---- | C] () -- C:\WINDOWS\System32\updater.ini
[2011/03/05 19:37:31 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\platform.ini
[2011/03/05 19:37:27 | 001,016,280 | ---- | C] () -- C:\WINDOWS\System32\js3250.dll
[2011/03/05 19:37:25 | 000,003,803 | ---- | C] () -- C:\WINDOWS\System32\crashreporter.ini
[2011/03/05 19:37:25 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\crashreporter-override.ini
[2011/03/05 19:37:20 | 000,002,129 | ---- | C] () -- C:\WINDOWS\System32\application.ini
[2010/12/27 11:29:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/13 23:17:08 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/08/13 23:17:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/08/13 23:16:05 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/08/13 23:15:51 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/05/14 23:14:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SSEUninstaller.exe
[2010/05/14 22:56:30 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2010/05/14 22:09:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2010/05/13 07:11:47 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/05/13 07:09:50 | 000,000,252 | ---- | C] () -- C:\WINDOWS\ADAM.INI
[2010/05/13 07:09:50 | 000,000,198 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/05/13 07:09:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\cap_pi.ini
[2010/05/13 07:09:24 | 000,001,392 | ---- | C] () -- C:\WINDOWS\ACROCAT.INI
[2010/05/13 07:09:07 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/05/13 07:09:05 | 000,000,192 | ---- | C] () -- C:\WINDOWS\ACROEXCH.INI
[2010/05/13 00:14:42 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2010/05/12 23:59:16 | 000,000,864 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2010/05/12 09:05:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\fpstart.ini
[2010/05/12 08:34:09 | 000,004,793 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/12 08:34:09 | 000,000,482 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2010/05/12 08:34:07 | 000,004,758 | ---- | C] () -- C:\WINDOWS\ORG2.INI
[2010/05/11 10:03:45 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/05/11 07:59:17 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/05/11 07:59:17 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/05/11 07:59:17 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/05/11 07:59:17 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/05/11 07:59:17 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/05/11 07:59:17 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/05/11 07:59:17 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/05/11 07:59:17 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/05/11 07:59:17 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/05/11 07:59:17 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/05/11 07:59:17 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/05/11 07:59:17 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/05/11 07:59:17 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/05/11 07:59:17 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/05/11 07:59:17 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/05/11 07:59:17 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/05/11 07:59:17 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/05/11 07:59:17 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/05/11 07:59:17 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/05/11 07:55:13 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE SPR265DEFGIPS.ini
[2010/05/11 00:44:22 | 000,004,822 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/11 00:42:44 | 000,153,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/11 00:15:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/11 00:04:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 00:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 03:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 03:00:00 | 000,472,562 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 03:00:00 | 000,075,530 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 03:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/04/27 00:23:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
[1998/04/06 23:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL
[1996/11/20 23:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/20 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/20 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1994/07/25 00:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 00:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[1994/04/07 00:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

< End of report >

#14 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2011 - 07:03 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
      
:otl
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: C:\Program Files\Yahoo!\Shared\npYVerInfo.dll File not found
O3 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKU\S-1-5-21-823518204-1202660629-1900996195-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background File not found
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
[2011/10/27 16:17:24 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/27 16:17:25 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/27 16:17:26 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/27 16:17:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[emptyjava]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Let me know How things are doing

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   Brawgates 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 93
  • Joined: 26-September 09
  • Gender:Male
  • Location:Scotland

Posted 28 November 2011 - 08:21 PM

Gringo

OTL Run Fix with Script completed. Required reboot.

You may well have cracked it!! I tried about a dozen FF/Bing searches. No redirects.

With an early start in the morning, I need to go offline right now. Will check more thoroughly tomorrow and include IE. Looks like good news.

Many thanks for you extraordinary assistance so far.

Best wishes

Peter




Copy of OTL report

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-823518204-1202660629-1900996195-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry key HKEY_USERS\S-1-5-21-823518204-1202660629-1900996195-1003\Software\Microsoft\Windows\CurrentVersion\Run not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\BCWork\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\BCWork\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 95052 bytes
->FireFox cache emptied: 89310065 bytes
->Flash cache emptied: 487 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: BCWork
->Temp folder emptied: 49860965 bytes
->Temporary Internet Files folder emptied: 48173815 bytes
->FireFox cache emptied: 55046203 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Peter
->Temp folder emptied: 252225534 bytes
->Temporary Internet Files folder emptied: 502470112 bytes
->Java cache emptied: 1376668 bytes
->FireFox cache emptied: 77203591 bytes
->Flash cache emptied: 17227319 bytes

User: temp2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 3811 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1566512 bytes

Total Files Cleaned = 1,046.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: Administrator

User: All Users

User: BCWork

User: Default User

User: LocalService

User: NetworkService

User: Peter
->Java cache emptied: 0 bytes

User: temp2

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: BCWork
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: Peter
->Flash cache emptied: 0 bytes

User: temp2
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11292011_003924

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Share this topic:


  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users