
Browser Redirects; slow computer


This topic is locked
32 replies to this topic

#1 Big Ern (Members)

Posted 10 May 2010 - 02:13 PM

I have run several tools including MBAM, SUPERAntiSpyware, SmitFraudFix and the ESET online scan with no success. Had a previous infection with Antivirus 2010 and porn pop-ups; they seem to be gone. I can log on to one account and the computer seems to work OK. The main account we normally use is the one that has the browser redirects and slow response time. Also, the home page has been changed and most searches turn up undesired results.
The computer crashed while running GMER. I ran GMER in safe mode but the computer locked up when I tried to save the report, so I ran it with sections checked only and it worked.
I have completed the prep guide and attached the logs:



DDS (Ver_09-06-26.01) - NTFSx86
Run by tim at 10:23:35.92 on Mon 05/10/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.119 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Xtreme Desktop\xdc\xdc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\tim\Desktop\spyware antivirus etc\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Freeze.com Helper: {d6a99b1f-fab9-4fa5-9c9d-d0d0cf846c05} - c:\program files\yourscreen\Freeze.DesktopManager.BrowserHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adaptec DirectCD] c:\progra~1\adaptec\directcd\directcd.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [XDc] c:\program files\xtreme desktop\xdc\startxdc.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.kw.com/listings/includes/ImageUploader4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.ritzpix.com/net/Uploader/ImageUploader3.cab
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\xqh87d5f.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 66632]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S1 Cdudf;Cdudf;c:\windows\system32\drivers\CDUDF.SYS [2006-9-25 221408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 135664]

=============== Created Last 30 ================

2010-05-10 10:20 411,368 a------- c:\windows\system32\deployJava1.dll
2010-05-10 10:20 73,728 a------- c:\windows\system32\javacpl.cpl
2010-05-10 09:51 3,608 a------- c:\windows\system32\tmp.reg
2010-05-09 23:08 <DIR> --d----- c:\program files\ESET
2010-05-09 22:55 130,492 a------- C:\MGlogs.zip
2010-05-09 22:55 <DIR> --d----- C:\MGtools
2010-05-09 22:10 <DIR> a-dshr-- C:\cmdcons
2010-05-09 21:51 256,512 a------- c:\windows\PEV.exe
2010-05-09 21:51 161,792 a------- c:\windows\SWREG.exe
2010-05-09 21:51 98,816 a------- c:\windows\sed.exe
2010-05-09 21:51 77,312 a------- c:\windows\MBR.exe
2010-05-09 21:26 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 21:26 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-05-09 21:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 17:06 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2010-05-08 21:10 153,798 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2010-03-10 09:18 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 09:18 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 07:09 430,080 a------- c:\windows\system32\vbscript.dll
2010-03-09 07:09 430,080 -------- c:\windows\system32\dllcache\vbscript.dll
2010-02-24 10:16 181,632 -------- c:\windows\system32\MpSigStub.exe
2010-02-24 09:11 455,680 -------- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 01:20 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 01:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2010-02-17 09:10 2,189,952 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 10:08 2,146,304 a------- c:\windows\system32\ntoskrnl.exe
2010-02-16 10:08 2,146,304 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 09:25 2,024,448 a------- c:\windows\system32\ntkrnlpa.exe
2010-02-16 09:25 2,066,816 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 09:25 2,024,448 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 00:33 100,864 a------- c:\windows\system32\6to4svc.dll
2010-02-12 00:33 100,864 -------- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 08:02 226,880 -------- c:\windows\system32\dllcache\tcpip6.sys
2009-01-19 19:02 1,754 a------- c:\program files\msjjqeri.txt
2006-09-02 12:22 774,144 a------- c:\program files\RngInterstitial.dll
2006-08-16 22:05 2,489 a------- c:\program files\Microsoft Word (2).lnk
2006-07-16 17:04 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-29 04:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112920081130\index.dat

============= FINISH: 10:24:12.53 ===============

Edited by Big Ern, 10 May 2010 - 02:16 PM.


#2 Noviciate (Malware Response Team)

Posted 10 May 2010 - 02:21 PM

Good evening. :)

I see neither an anti-virus program nor a firewall installed - how long has this been the case?

So long, and thanks for all the fish.

 

 


#3 Big Ern (Topic Starter)

Posted 10 May 2010 - 03:02 PM

I uninstalled Norton and turned on the Windows firewall this morning. I only had an internet connection long enough to post, then I disconnected. I plan on using Comodo as a firewall and maybe Avast for AV. I was going to do this whenever the computer was clean and only connect when I had to. Let me know if I should go ahead and install the aforementioned programs.

#4 Noviciate (Malware Response Team)

Posted 10 May 2010 - 05:31 PM

You need to get an AV installed before we do anything else. The firewall can wait as there are pros and cons to installing one whilst infected. Let it run a full scan and delete whatever it finds, but make a note of the file(s) and let me know what they were.


#5 Big Ern (Topic Starter)

Posted 10 May 2010 - 06:01 PM

I am at work tonight (7-7). I will install and scan in the morning when I get home and will post the log after I get up; it should be before 3 pm EST.
Thanks for the reply.

#6 Big Ern (Topic Starter)

Posted 11 May 2010 - 08:41 AM

Avast found Win32:Trojan-gen. I deleted it. It was in System Restore. I thought restore was off; I will make sure it is. I will await further instructions.

#7 Noviciate (Malware Response Team)

Posted 11 May 2010 - 02:27 PM

Good evening. :)

Please re-enable System Restore and create a new Restore Point before you do anything else. Should your machine have any issues, System Restore may be the only chance you have to save the installation. While you may restore any infection present in the point, an infected PC is better than an electronic paperweight.

Once you've done that, let me have a fresh DDS log and we'll take it from there.


#8 Big Ern (Topic Starter)

Posted 11 May 2010 - 04:10 PM

Restore point created. Here are the logs you requested:


DDS (Ver_09-06-26.01) - NTFSx86
Run by tim at 17:07:38.17 on Tue 05/11/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.206 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Xtreme Desktop\xdc\xdc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\tim\Desktop\spyware antivirus etc\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Freeze.com Helper: {d6a99b1f-fab9-4fa5-9c9d-d0d0cf846c05} - c:\program files\yourscreen\Freeze.DesktopManager.BrowserHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client for internet explorer\YontooIEClient.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [Adaptec DirectCD] c:\progra~1\adaptec\directcd\directcd.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [XDc] c:\program files\xtreme desktop\xdc\startxdc.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WorksFUD] c:\program files\microsoft works\wkfud.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [Microsoft Works Portfolio] c:\program files\microsoft works\WksSb.exe /AllUsers
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\tim\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\CameraMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.kw.com/listings/includes/ImageUploader4.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.ritzpix.com/net/Uploader/ImageUploader3.cab
DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\xqh87d5f.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-11 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-11 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 40384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-11 40384]
S1 Cdudf;Cdudf;c:\windows\system32\drivers\CDUDF.SYS [2006-9-25 221408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-19 135664]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]

=============== Created Last 30 ================

2010-05-10 10:20 411,368 a------- c:\windows\system32\deployJava1.dll
2010-05-10 10:20 73,728 a------- c:\windows\system32\javacpl.cpl
2010-05-10 09:51 3,608 a------- c:\windows\system32\tmp.reg
2010-05-09 23:08 <DIR> --d----- c:\program files\ESET
2010-05-09 22:55 130,492 a------- C:\MGlogs.zip
2010-05-09 22:55 <DIR> --d----- C:\MGtools
2010-05-09 22:10 <DIR> a-dshr-- C:\cmdcons
2010-05-09 21:51 256,512 a------- c:\windows\PEV.exe
2010-05-09 21:51 161,792 a------- c:\windows\SWREG.exe
2010-05-09 21:51 98,816 a------- c:\windows\sed.exe
2010-05-09 21:51 77,312 a------- c:\windows\MBR.exe
2010-05-09 21:26 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 21:26 20,952 a------- c:\windows\system32\drivers\mbam.sys
2010-05-09 21:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 17:06 <DIR> --d----- c:\program files\CCleaner

==================== Find3M ====================

2010-05-06 10:36 221,568 -------- c:\windows\system32\MpSigStub.exe
2010-03-10 09:18 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 09:18 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 07:09 430,080 a------- c:\windows\system32\vbscript.dll
2010-03-09 07:09 430,080 -------- c:\windows\system32\dllcache\vbscript.dll
2010-02-24 09:11 455,680 -------- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 01:20 634,648 -------- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 01:18 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2010-02-17 09:10 2,189,952 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 10:08 2,146,304 a------- c:\windows\system32\ntoskrnl.exe
2010-02-16 10:08 2,146,304 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 09:25 2,024,448 a------- c:\windows\system32\ntkrnlpa.exe
2010-02-16 09:25 2,066,816 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 09:25 2,024,448 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 00:33 100,864 a------- c:\windows\system32\6to4svc.dll
2010-02-12 00:33 100,864 -------- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 08:02 226,880 -------- c:\windows\system32\dllcache\tcpip6.sys
2009-01-19 19:02 1,754 a------- c:\program files\msjjqeri.txt
2006-09-02 12:22 774,144 a------- c:\program files\RngInterstitial.dll
2006-08-16 22:05 2,489 a------- c:\program files\Microsoft Word (2).lnk
2006-07-16 17:04 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-29 04:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112920081130\index.dat

============= FINISH: 17:08:27.65 ===============

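The two DDS logs above (post #1 and post #8) are read by eye in this thread. Below is an added example, not part of the thread and not code from DDS or BleepingComputer, of how a practitioner can triage such a log programmatically: it parses the Pseudo HJT Report lines (BHO/TB/Run), the SERVICES/DRIVERS lines and the Find3M file listing, flags entries worth a second look, and diffs the autorun set between two snapshots. The regexes, the three heuristics (dangling "No File" references, hidden+system files, a consonant-run check for generated-looking filenames) and the thresholds are my assumptions, not rules DDS or the helper applies; the sample input is constructed by abridging lines quoted in the logs above.

```python
"""Triage helper for DDS logs (assumed line formats; see comments)."""
import re

# DDS line shapes, inferred from the logs quoted in this thread (my regexes, not DDS's):
#   uRun/mRun/dRun: [Name] path [args]
#   BHO/TB: Name: {CLSID} - path        (name may be absent; path may be "No File" or empty)
#   R2 name;Display;path [date size]    (services / drivers)
#   YYYY-MM-DD HH:MM size attrs path    (Find3M / Created Last 30)
RUN_RE = re.compile(r"^(?P<kind>[umd]Run): \[(?P<name>[^\]]+)\]\s*(?P<path>.*)$")
CLSID_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.*)$"
)
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);")
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|<DIR>)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)

# Constructed sample input, abridged from the two DDS logs posted in this thread.
SAMPLE_A = r"""
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
2010-05-10 10:20 411,368 a------- c:\windows\system32\deployJava1.dll
2010-05-09 22:10 <DIR> a-dshr-- C:\cmdcons
2009-01-19 19:02 1,754 a------- c:\program files\msjjqeri.txt
2006-07-16 17:04 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
"""
# Second snapshot: the same machine after the AV install (lines from the post #8 log).
SAMPLE_B = SAMPLE_A + r"""uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-11 164048]
"""


def basename(path):
    """Executable file name from a Run/BHO path, ignoring quotes and trailing arguments."""
    exe = path.strip().strip('"').split('"')[0]   # keep only the quoted path, if quoted
    exe = re.split(r"\s+[-/]", exe)[0]            # drop " -flag" / " /flag" arguments
    return exe.rstrip().rsplit("\\", 1)[-1]


def looks_random(filename):
    """Crude heuristic (my assumption, not a DDS rule): a stem of 7+ characters holding
    a run of 4+ consonants (msjjqeri, KGyGaAvL) is likelier generated than product-named."""
    stem = filename.rsplit(".", 1)[0]
    letters = re.sub(r"[^a-z]", " ", stem.lower())
    runs = re.findall(r"[^aeiou ]+", letters)
    return len(stem) >= 7 and max((len(r) for r in runs), default=0) >= 4


def triage(log):
    """Return (reason, line) pairs for entries worth checking by hand."""
    findings = []
    for line in log.splitlines():
        m = CLSID_RE.match(line) or RUN_RE.match(line)
        if m:
            path = m["path"].strip()
            if not path or path.lower() == "no file":
                findings.append(("dangling registry reference", line))
            elif looks_random(basename(path)):
                findings.append(("random-looking filename", line))
            continue
        m = FILE_RE.match(line)
        if m and "d" not in m["attrs"]:             # directories are skipped
            if "s" in m["attrs"] and "h" in m["attrs"]:
                findings.append(("hidden+system file", line))
            if looks_random(m["path"].rsplit("\\", 1)[-1]):
                findings.append(("random-looking filename", line))
    return findings


def autoruns(log):
    """Run-key and service names in a log, prefixed by section, for snapshot diffing."""
    names = set()
    for line in log.splitlines():
        m = RUN_RE.match(line)
        if m:
            names.add(f"{m['kind']}:{m['name']}")
            continue
        m = SERVICE_RE.match(line)
        if m:
            names.add(f"svc:{m['name']}")
    return names


def diff_autoruns(old_log, new_log):
    """(added, removed) autorun names between two DDS snapshots of the same machine."""
    old, new = autoruns(old_log), autoruns(new_log)
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_A):
        print(f"[{reason}] {line}")
    added, removed = diff_autoruns(SAMPLE_A, SAMPLE_B)
    print("added since first snapshot:", added)
    print("removed since first snapshot:", removed)
```

Run against the constructed sample this flags the two dangling toolbar entries, the oddly named msjjqeri.txt under Program Files, and KGyGaAvL.sys twice (hidden+system attributes in system32, and a generated-looking name), and the snapshot diff reports the avast5 Run key, the aswSP driver and the Microsoft Works entry as new since the first log. Treat the flags as a prioritiser, not a verdict: the consonant-run check also trips legitimate vendor names in the full logs above (tfswctrl.exe, MsMpEng.exe), so confirm anything flagged by publisher signature or a hash lookup before acting on it. The regexes target DDS line shapes only; the ComboFix listing in post #10 uses a different layout and would need its own pattern.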


#9 Noviciate (Malware Response Team)

Posted 12 May 2010 - 01:57 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *
  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!


#10 Big Ern (Topic Starter)

Posted 12 May 2010 - 03:34 PM

Evening. :) The computer is acting a lot faster now, but it will still not let me get on the internet on the one account. IE says it cannot display the page, and Firefox will go to the Google main page, but when I search for something it always redirects to "newsearchgate.com".
Here is the ComboFix log:

ComboFix 10-05-12.01 - tim 05/12/2010 15:59:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.164 [GMT -4:00]
Running from: c:\documents and settings\tim\Desktop\fixit.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\tim\LOCALS~1\Temp\3015wrd.~lk\8097fspext.dll
c:\documents and settings\tim\Local Settings\Temp\3015wrd.~lk\8097fspext.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 00:47 . 2010-05-12 00:47 503808 ----a-w- c:\documents and settings\mandy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20d5b06d-n\msvcp71.dll
2010-05-12 00:47 . 2010-05-12 00:47 499712 ----a-w- c:\documents and settings\mandy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20d5b06d-n\jmc.dll
2010-05-12 00:47 . 2010-05-12 00:47 348160 ----a-w- c:\documents and settings\mandy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20d5b06d-n\msvcr71.dll
2010-05-12 00:47 . 2010-05-12 00:47 12800 ----a-w- c:\documents and settings\mandy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48cb8b42-n\decora-d3d.dll
2010-05-12 00:47 . 2010-05-12 00:47 61440 ----a-w- c:\documents and settings\mandy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-48cb8b42-n\decora-sse.dll
2010-05-11 12:49 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-11 12:49 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-11 12:49 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-11 12:49 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-11 12:49 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-11 12:49 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-11 12:49 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-11 12:49 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-11 12:49 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-10 14:20 . 2010-05-10 14:20 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 14:20 . 2010-05-10 14:20 503808 ----a-w- c:\documents and settings\tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb77f71-n\msvcp71.dll
2010-05-10 14:20 . 2010-05-10 14:20 499712 ----a-w- c:\documents and settings\tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb77f71-n\jmc.dll
2010-05-10 14:20 . 2010-05-10 14:20 348160 ----a-w- c:\documents and settings\tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb77f71-n\msvcr71.dll
2010-05-10 14:20 . 2010-05-10 14:20 61440 ----a-w- c:\documents and settings\tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-758eb166-n\decora-sse.dll
2010-05-10 14:20 . 2010-05-10 14:20 12800 ----a-w- c:\documents and settings\tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-758eb166-n\decora-d3d.dll
2010-05-10 14:20 . 2010-05-10 14:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-10 03:08 . 2010-05-10 03:08 -------- d-----w- c:\program files\ESET
2010-05-10 02:55 . 2010-05-10 02:57 130492 ----a-w- C:\MGlogs.zip
2010-05-10 02:55 . 2010-05-10 02:57 -------- d-----w- C:\MGtools
2010-05-10 01:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 01:26 . 2010-05-10 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-10 01:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 21:06 . 2010-05-10 13:40 -------- d-----w- c:\program files\CCleaner
2010-05-09 01:02 . 2008-05-02 14:41 3493888 ---ha-w- c:\documents and settings\tim\Application Data\U3\temp\Launchpad Removal.exe
2010-05-09 00:54 . 2010-05-09 01:02 -------- d-----w- c:\documents and settings\tim\Application Data\U3
2010-04-22 22:13 . 2010-04-22 22:13 439816 ----a-w- c:\documents and settings\mandy\Application Data\Real\Update\setup3.10\setup.exe
2010-04-19 15:22 . 2010-04-19 15:22 -------- d-----w- c:\documents and settings\tim\Local Settings\Application Data\Temp
2010-04-19 15:22 . 2010-04-19 15:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-04-19 15:18 . 2010-04-19 15:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-19 13:59 . 2010-04-19 13:59 -------- d-----w- c:\documents and settings\tim\Application Data\Roxio
2010-04-19 12:59 . 2010-04-19 12:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-04-16 15:43 . 2010-04-16 15:43 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-16 15:43 . 2010-04-16 15:43 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-16 15:42 . 2010-04-16 15:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-04-16 12:39 . 2010-04-16 12:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 20:26 . 2007-10-03 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-10 14:19 . 2005-04-13 18:57 -------- d-----w- c:\program files\Java
2010-05-10 13:38 . 2005-04-30 00:29 -------- d-----w- c:\program files\Symantec
2010-05-10 01:24 . 2008-11-22 23:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-10 01:24 . 2008-11-22 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-10 01:24 . 2006-11-26 20:45 -------- d-----w- c:\program files\Games
2010-05-09 21:50 . 2010-01-18 14:53 117760 ----a-w- c:\documents and settings\tim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-09 00:06 . 2005-04-13 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-05-06 14:36 . 2009-10-03 05:44 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-20 21:45 . 2006-12-25 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
2010-04-20 21:45 . 2005-04-13 18:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-19 15:17 . 2006-09-02 16:22 -------- d-----w- c:\program files\Google
2010-04-16 15:44 . 2009-02-07 00:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-10 00:40 . 2010-04-06 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-06 21:01 . 2010-04-06 21:01 -------- d-----w- c:\program files\Alwil Software
2010-03-28 18:12 . 2010-03-28 18:12 -------- d-----w- c:\program files\KingsIsle Entertainment
2010-03-11 12:38 . 2004-08-04 10:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-10 16:11 . 2010-03-10 16:11 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-09 11:09 . 2004-08-04 10:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 13:55 . 2009-06-17 00:35 117760 ----a-w- c:\documents and settings\mandy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-24 13:11 . 2004-08-04 10:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 1980-01-01 05:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 1980-01-01 05:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 10:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-01-19 23:02 . 2009-01-19 23:02 1754 ----a-w- c:\program files\msjjqeri.txt
2006-09-02 16:22 . 2006-09-02 16:23 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-08-17 02:05 . 2006-08-17 02:05 2489 ----a-w- c:\program files\Microsoft Word (2).lnk
2007-07-26 19:32 . 2007-08-30 16:59 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-07-26 19:32 . 2007-08-30 16:59 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-07-26 19:32 . 2007-08-30 16:59 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-07-26 19:32 . 2007-08-30 16:59 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-07-26 19:32 . 2007-08-30 16:59 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2006-07-16 21:04 . 2005-10-10 00:59 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-04-01 17:16 193472 ------w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adaptec DirectCD"="c:\progra~1\Adaptec\DirectCD\directcd.exe" [2000-01-18 1126400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"XDc"="c:\program files\Xtreme Desktop\xdc\startxdc.exe" [2006-10-03 1383478]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-17 615696]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-10-14 222728]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-14 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\mandy\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-7-12 317952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-9-19 253952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-12-07 02:37 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Global Star Software\\Airport Tycoon 3\\at3.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/11/2010 8:49 AM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/11/2010 8:49 AM 19024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 Cdudf;Cdudf;c:\windows\SYSTEM32\DRIVERS\CDUDF.SYS [9/25/2006 9:04 AM 221408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 11:17 AM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 15:17]

2010-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 15:17]

2010-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
FF - ProfilePath - c:\documents and settings\tim\Application Data\Mozilla\Firefox\Profiles\xqh87d5f.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 16:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\LocalService_Classes\Software\Fun Web Products\ScreenSaver]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-20_Classes\Software\Fun Web Products\ScreenSaver]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A9EA839D-D535-415D-84C2-864A27431C76}\InprocServer32]
@DACL=(02 0000)
@="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Internet Explorer\\DLLs\\ieModule.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Xtreme Desktop\xdc\xdc.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-12 16:21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-12 20:21
ComboFix2.txt 2010-05-10 02:37

Pre-Run: 33,538,801,664 bytes free
Post-Run: 33,599,557,632 bytes free

- - End Of File - - 0421F8197AE3A6F28E34EDD45A4AFC2F



#11 Noviciate

  • Malware Response Team

Posted 14 May 2010 - 02:31 PM

Good evening.

Please download BootCheck.exe and save it to your Desktop.
  • Double click BootCheck.exe to run the tool.
  • A Command Window will open and close a few seconds later and a Notepad window will then appear, as if by magic, with some text in it
  • Assuming you can contain your excitement, please post the contents in your next reply

So long, and thanks for all the fish.

 

 


#12 Big Ern

  • Topic Starter

Posted 14 May 2010 - 02:45 PM

I managed somehow to contain my excitement ...so here are the results of BootCheck:

CMDCONS Folder exists!

Contents of C:\boot.ini:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


#13 Noviciate

  • Malware Response Team

Posted 14 May 2010 - 08:21 PM

Please download maxlook by noahdfear from here and save it to your Desktop.
  • Double click the tool to run it - please do this only once.
  • When prompted, reboot into the Recovery Console:
  • Restart your computer.
  • Before Windows loads, you will be prompted to choose which Operating System to start.
  • Use the up/down arrow keys to select Microsoft Windows Recovery Console
  • You must enter which Windows installation to log onto (there may be more than one) - select the C:\Windows option and press Enter.
  • You now need to enter the following command and then press Enter:

    batch look.bat

  • While the tool is running you will see 1 file(s) copied repeatedly and then when completed you will see the command prompt return - C:\Windows>
  • To reboot the PC as normal, enter the command exit and then press Enter.

Once the PC has rebooted, go to Start > Run..., enter the following in the text box and click OK:
    maxlook -sig
Follow the prompts, and post (or attach) the log produced, C:\looklog.txt

So long, and thanks for all the fish.

 

 


#14 Big Ern

  • Topic Starter

Posted 14 May 2010 - 08:40 PM

Will do tomorrow morning when I get home from work. Thanks and have a good one...

#15 Big Ern

  • Topic Starter

Posted 15 May 2010 - 07:45 AM

Here is the looklog:

Run from C:\Documents and Settings\tim\Desktop\maxlook.exe on Sat 05/15/2010 at  8:40:00.04

--------- maxlook unsigned files ---------

c:\windows\maxdriver\cdr4_2K.sys:
    Verified:    Unsigned
    File date:    00:08 1/18/2000
    Publisher:    Adaptec
    Description:    CDR4_2k CDR Helper
    Product:    Adaptec's CD-R Helper Drivers
    Version:    2.5 (087)
    File version:    2.5 (087)
c:\windows\maxdriver\cdralw2k.sys:
    Verified:    Unsigned
    File date:    14:32 9/7/2005
    Publisher:    Sonic Solutions
    Description:    CDRAL for Windows 2000 Kernel Driver
    Product:    Drag-to-Disc
    Version:    7.5.0.50
    File version:    7.5.0.50
c:\windows\maxdriver\CDUDF.SYS:
    Verified:    Unsigned
    File date:    09:04 9/25/2006
    Publisher:    Adaptec
    Description:    CD-UDF NT Filesystem Driver
    Product:    DirectCD
    Version:    3.01 (165)
    File version:    3.01 (165)
c:\windows\maxdriver\drvmcdb.sys:
    Verified:    Unsigned
    File date:    04:22 12/1/2004
    Publisher:    Sonic Solutions
    Description:    Device Driver
    Product:    n/a
    Version:    n/a
    File version:    3.22.03a
c:\windows\maxdriver\drvnddm.sys:
    Verified:    Unsigned
    File date:    03:56 11/23/2004
    Publisher:    Sonic Solutions
    Description:    Device Driver Manager
    Product:    n/a
    Version:    n/a
    File version:    2.56.43a
c:\windows\maxdriver\iqvw32.sys:
    Verified:    Unsigned
    File date:    15:27 2/11/2004
    Publisher:    Intel Corporation
    Description:    Intel(R) Network Adapter Diagnostic Driver
    Product:    Intel(R) iQVW32.SYS
    Version:    1.01.0.3
    File version:    1.01.0.3 built by: WinDDK
c:\windows\maxdriver\mmc_2k.sys:
    Verified:    Unsigned
    File date:    09:04 9/25/2006
    Publisher:    Adaptec
    Description:    CD-R/RW AddOn MMC Driver (W2K)
    Product:    DirectCD
    Version:    3.01 (164)
    File version:    3.01 (164)
c:\windows\maxdriver\omci.sys:
    Verified:    Unsigned
    File date:    14:45 11/8/2002
    Publisher:    Dell Computer Corporation
    Description:    OMCI Device Driver
    Product:    OMCI Driver
    Version:    7, 0, 323, 0
    File version:    7, 0, 323, 0
c:\windows\maxdriver\pwd_2K.sys:
    Verified:    Unsigned
    File date:    09:04 9/25/2006
    Publisher:    Adaptec
    Description:    Win2000 Framework for Packet Write Driver
    Product:    DirectCD
    Version:    3.01 (164)
    File version:    3.01 (164)
c:\windows\maxdriver\pxhelp20.sys:
    Verified:    Unsigned
    File date:    03:03 8/2/2004
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    2.03.16a
c:\windows\maxdriver\sscdbhk5.sys:
    Verified:    Unsigned
    File date:    12:29 7/14/2004
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    1.10.87a
c:\windows\maxdriver\ssrtln.sys:
    Verified:    Unsigned
    File date:    12:28 7/14/2004
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    1.10.87a
c:\windows\maxdriver\UdfReadr.sys:
    Verified:    Unsigned
    File date:    00:08 1/18/2000
    Publisher:    Adaptec
    Description:    CD-UDF NT Filesystem Reader Driver
    Product:    UDF Reader Driver
    Version:    1.03 (112)
    File version:    1.03 (112)

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_2K.sys:
    Verified:    Unsigned
    File date:    00:08 1/18/2000
    Publisher:    Adaptec
    Description:    CDR4_2k CDR Helper
    Product:    Adaptec's CD-R Helper Drivers
    Version:    2.5 (087)
    File version:    2.5 (087)
c:\windows\system32\drivers\cdralw2k.sys:
    Verified:    Unsigned
    File date:    14:32 9/7/2005
    Publisher:    Sonic Solutions
    Description:    CDRAL for Windows 2000 Kernel Driver
    Product:    Drag-to-Disc
    Version:    7.5.0.50
    File version:    7.5.0.50
c:\windows\system32\drivers\CDUDF.SYS:
    Verified:    Unsigned
    File date:    09:04 9/25/2006
    Publisher:    Adaptec
    Description:    CD-UDF NT Filesystem Driver
    Product:    DirectCD
    Version:    3.01 (165)
    File version:    3.01 (165)
c:\windows\system32\drivers\drvmcdb.sys:
    Verified:    Unsigned
    File date:    04:22 12/1/2004
    Publisher:    Sonic Solutions
    Description:    Device Driver
    Product:    n/a
    Version:    n/a
    File version:    3.22.03a
c:\windows\system32\drivers\drvnddm.sys:
    Verified:    Unsigned
    File date:    03:56 11/23/2004
    Publisher:    Sonic Solutions
    Description:    Device Driver Manager
    Product:    n/a
    Version:    n/a
    File version:    2.56.43a
c:\windows\system32\drivers\iqvw32.sys:
    Verified:    Unsigned
    File date:    15:27 2/11/2004
    Publisher:    Intel Corporation
    Description:    Intel(R) Network Adapter Diagnostic Driver
    Product:    Intel(R) iQVW32.SYS
    Version:    1.01.0.3
    File version:    1.01.0.3 built by: WinDDK
c:\windows\system32\drivers\mmc_2k.sys:
    Verified:    Unsigned
    File date:    09:04 9/25/2006
    Publisher:    Adaptec
    Description:    CD-R/RW AddOn MMC Driver (W2K)
    Product:    DirectCD
    Version:    3.01 (164)
    File version:    3.01 (164)
c:\windows\system32\drivers\omci.sys:
    Verified:    Unsigned
    File date:    14:45 11/8/2002
    Publisher:    Dell Computer Corporation
    Description:    OMCI Device Driver
    Product:    OMCI Driver
    Version:    7, 0, 323, 0
    File version:    7, 0, 323, 0
c:\windows\system32\drivers\pwd_2K.sys:
    Verified:    Unsigned
    File date:    09:04 9/25/2006
    Publisher:    Adaptec
    Description:    Win2000 Framework for Packet Write Driver
    Product:    DirectCD
    Version:    3.01 (164)
    File version:    3.01 (164)
c:\windows\system32\drivers\pxhelp20.sys:
    Verified:    Unsigned
    File date:    03:03 8/2/2004
    Publisher:    Sonic Solutions
    Description:    Px Engine Device Driver for Windows 2000/XP
    Product:    PxHelp20
    Version:    n/a
    File version:    2.03.16a
c:\windows\system32\drivers\sscdbhk5.sys:
    Verified:    Unsigned
    File date:    12:29 7/14/2004
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    1.10.87a
c:\windows\system32\drivers\ssrtln.sys:
    Verified:    Unsigned
    File date:    12:28 7/14/2004
    Publisher:    Sonic Solutions
    Description:    Shared Driver Component
    Product:    n/a
    Version:    n/a
    File version:    1.10.87a
c:\windows\system32\drivers\UdfReadr.sys:
    Verified:    Unsigned
    File date:    00:08 1/18/2000
    Publisher:    Adaptec
    Description:    CD-UDF NT Filesystem Reader Driver
    Product:    UDF Reader Driver
    Version:    1.03 (112)
    File version:    1.03 (112)
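As an added example (not from this thread, and not part of noahdfear's maxlook tool), the following Python parser reads the maxlook log format shown above and compares the two listings, flagging any driver that appears in only one of them or whose date, publisher or version differs between the two copies. It assumes the purpose of the two listings is to compare the copies taken from the Recovery Console (maxdriver) with the live system32\drivers files; the sample log is constructed and shortened, and the omci.sys version mismatch and the example_only.sys entry are made up so the comparison has something to report.

```python
"""Parse a maxlook log and compare its two driver listings.
Added example, not from the thread or from noahdfear's maxlook tool. The
format follows the log posted above: a 'Run from ...' banner, then sections
headed '--------- <name> ---------', each a list of '<path>:' lines followed
by indented 'Key:    Value' lines. Comparing the copy taken from the Recovery
Console (maxdriver) with the live file is assumed to be the listings' purpose.
"""
import re

SECTION_RE = re.compile(r"^-+ (.+?) -+$")
HEADER_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?):\s*$")
FIELD_RE = re.compile(r"^\s+(?P<key>[^:]+):\s*(?P<value>.*)$")
COMPARE_KEYS = ("File date", "Publisher", "File version")  # compared per driver
OFFLINE = "maxlook unsigned files"
ONLINE = "system32\\drivers unsigned files"

# Constructed, shortened sample in the posted format. The differing
# 'File version' of omci.sys and the made-up 'example_only.sys' entry are
# there so the comparison has something to report.
SAMPLE_LOG = r"""Run from C:\Documents and Settings\tim\Desktop\maxlook.exe on Sat 05/15/2010 at  8:40:00.04

--------- maxlook unsigned files ---------

c:\windows\maxdriver\cdr4_2K.sys:
    Verified:    Unsigned
    File date:    00:08 1/18/2000
    Publisher:    Adaptec
    File version:    2.5 (087)
c:\windows\maxdriver\omci.sys:
    Verified:    Unsigned
    File date:    14:45 11/8/2002
    Publisher:    Dell Computer Corporation
    File version:    7, 0, 323, 0

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\cdr4_2K.sys:
    Verified:    Unsigned
    File date:    00:08 1/18/2000
    Publisher:    Adaptec
    File version:    2.5 (087)
c:\windows\system32\drivers\omci.sys:
    Verified:    Unsigned
    File date:    14:45 11/8/2002
    Publisher:    Dell Computer Corporation
    File version:    7, 0, 323, 1
c:\windows\system32\drivers\example_only.sys:
    Verified:    Unsigned
    File date:    00:00 1/1/2000
    Publisher:    n/a
    File version:    n/a
"""

def parse_maxlook(text):
    """Return {section name: {driver basename (lowercase): {field: value}}}."""
    sections, current, entry = {}, None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:  # a new section header resets the current entry
            current, entry = m.group(1), None
            sections[current] = {}
            continue
        if current is None:
            continue  # banner text before the first section
        m = HEADER_RE.match(line)
        if m:  # '<path>:' starts a new driver entry
            path = m.group("path")
            entry = {"path": path}
            sections[current][path.rsplit("\\", 1)[-1].lower()] = entry
            continue
        m = FIELD_RE.match(line)
        if m and entry is not None:  # indented 'Key: Value' line
            entry[m.group("key").strip()] = m.group("value").strip()
    return sections

def compare_listings(sections, offline=OFFLINE, online=ONLINE):
    """Return [(driver, reason)] for drivers on one side only or whose
    compared fields differ between the two copies."""
    a, b = sections.get(offline, {}), sections.get(online, {})
    findings = []
    for name in sorted(set(a) | set(b)):
        if name not in a:
            findings.append((name, "only in " + online))
        elif name not in b:
            findings.append((name, "only in " + offline))
        else:
            diffs = [k for k in COMPARE_KEYS if a[name].get(k) != b[name].get(k)]
            if diffs:
                findings.append((name, "differs in " + ", ".join(diffs)))
    return findings

if __name__ == "__main__":
    for driver, reason in compare_listings(parse_maxlook(SAMPLE_LOG)):
        print(f"{driver}: {reason}")
```

Point it at a real C:\looklog.txt by reading the file into `parse_maxlook` instead of `SAMPLE_LOG`; an empty result means both copies of every unsigned driver agree.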