Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Webpage redirections


  • This topic is locked This topic is locked
24 replies to this topic

#1 Rimsky

Rimsky

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 17 May 2010 - 03:01 PM

Hello.

I while back my PC contracted a bug whereby bogus security alerts started to pop up. It also disabled the abilty to run any executable files. Through searching on a forum, I found a registry fix which fixed the executables problem. Malwarebytes' Anti-malware was suggested for removing the security alerts. I run, it and it found the problem and supposedly deleted it. However, on next reboot, the problem reappeared. Eventually I found a utility called TDSSKiller which has killed the XP Security 2010 virus.

However, now I seem to be redirected from Google pages to random web pages. It's not just Google either. Sometimes, a new tab pop ups even if I don't click on anything. Various fora suggest running the TDSSKiller which I have done. It reports that it's found a problem and fixed it. But it's lying - the problem reappears next reboot. The sites I get redirected to always have the same graphic to the left of the address bar. Example attached.

I have run DDS and the logs are copied and attached as requested. However GMER makes my PC hang so I've not been able to complete a scan successfully.

System info: Windows XP Pro SP3, Firefox (default browser), IE8.

I would be extremely grateful for your help.

Many thanks,
Mark


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mark at 19:13:50.12 on 17/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.54 [GMT 1:00]

AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Power2GoExpress] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "c:\program files\cyberlink\powerbackup\PBKScheduler.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SkyTel] SkyTel.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Launch PC Probe II] "c:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.23\AsRunHelp.exe
mRun: [AsusServiceProvider] c:\program files\asus\aasp\1.00.23\aaCenter.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroCheck] c:\windows\system32\\NeroCheck.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\wave.bat
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebP

Attached Files


Edited by Rimsky, 18 May 2010 - 07:20 AM.
Added in a bit more log from another post. ~ OB


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 19 May 2010 - 02:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 20 May 2010 - 05:06 PM

Dear myrti

Thanks for your reply. Here are the reports as requested.

Mark




OTL logfile created on: 20/05/2010 22:29:25 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 128.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 37.00% Paging File free
Paging file location(s): P:\pagefile.sys 1524 4950 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.48 Gb Total Space | 29.39 Gb Free Space | 12.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 926.63 Gb Total Space | 427.79 Gb Free Space | 46.17% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 4.88 Gb Total Space | 3.36 Gb Free Space | 68.94% Space Free | Partition Type: NTFS

Computer Name: RIMSKYTHREE
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/20 22:27:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2010/05/20 19:21:35 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\WINDOWS\Temp\Adobelm_Cleanup.0001
PRC - [2010/04/12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/04 00:18:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/15 20:06:51 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2009/12/15 09:46:48 | 000,976,784 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/26 08:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/17 02:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/10/17 02:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/09/10 12:15:42 | 000,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2009/06/22 22:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 17:04:38 | 000,850,432 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2009/02/27 17:04:34 | 000,278,016 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009/02/27 16:42:20 | 000,098,407 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009/02/27 16:40:48 | 000,143,467 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/29 16:35:34 | 000,199,616 | ---- | M] (Vuze Inc.) -- C:\Program Files\Azureus\Azureus.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 16:09:32 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/05 18:39:46 | 000,597,504 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
PRC - [2007/01/05 18:36:06 | 002,129,920 | ---- | M] (ASUS) -- C:\Program Files\ASUS\PC Probe II\Probe2.exe
PRC - [2006/06/13 06:39:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2006/05/16 23:12:59 | 000,075,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2006/03/21 14:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2005/01/14 19:22:52 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/01/14 19:21:46 | 000,110,744 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
PRC - [2004/10/06 20:28:30 | 000,798,720 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/20 22:27:16 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
MOD - [2009/10/26 08:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/10/14 14:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/10/14 14:30:06 | 000,546,160 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.dll
MOD - [2009/09/10 12:15:48 | 000,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/12/19 20:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 20:07:05 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/17 02:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 14:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/02/27 17:04:38 | 000,850,432 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/02/27 16:42:20 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009/02/27 16:40:48 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2009/02/14 16:40:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/03 16:09:32 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/14 19:22:50 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/01/14 19:22:26 | 000,110,711 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/01/14 19:22:24 | 000,172,153 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/03/29 17:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin 54g Wireless USB Network Adapter Service)


========== Driver Services (SafeList) ==========

DRV - [2010/01/15 20:06:53 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/10/17 02:39:42 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 14:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/14 14:29:48 | 000,035,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/10/12 19:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 19:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/02/14 23:22:16 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2009/01/08 02:20:04 | 000,031,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2009/01/07 23:39:36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/01/03 16:40:12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/12/12 10:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/12/07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008/12/07 12:44:18 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/11/25 15:23:30 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2008/11/15 12:18:42 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/11/15 12:18:27 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007/03/07 18:56:37 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2007/03/07 18:54:19 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/11/22 13:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006/10/19 04:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/07/24 16:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/02/27 06:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/04/30 15:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/11/13 17:19:00 | 000,014,453 | ---- | M] (franson.biz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys -- (bizVSerial)
DRV - [2004/08/13 11:56:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/16 12:14:30 | 000,140,416 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (bkn50USB)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/22 22:37:36 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/05/31 17:35:02 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pnp680r.sys -- (Pnp680r)
DRV - [2001/08/17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-152049171-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-796845957-152049171-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {be7e016e-4aea-4690-b59f-094890f69cce}:2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABD59049-8F4C-4F50-A274-CC63527942FA}:1.01
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2

FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/03/06 18:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/02/07 23:28:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 23:23:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 00:18:46 | 000,000,000 | ---D | M]

[2009/09/26 16:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2009/09/26 16:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/05/20 19:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions
[2010/05/06 00:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2009/09/03 21:54:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/01 10:42:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/07/27 18:13:41 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2008/10/03 20:36:54 | 000,000,000 | ---D | M] (Movies Extractor Scout helper) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{ABD59049-8F4C-4F50-A274-CC63527942FA}
[2008/08/30 12:13:55 | 000,000,000 | ---D | M] (hideBad) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{be7e016e-4aea-4690-b59f-094890f69cce}
[2009/09/18 20:40:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/27 13:20:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/12/01 23:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\extensions\LogMeInClient@logmein.com
[2008/01/17 20:46:03 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\searchplugins\aolsearch.xml
[2008/06/22 11:03:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\searchplugins\imdb.xml
[2007/02/04 00:03:45 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\oihla6y8.default\searchplugins\wikipedia-english.xml
[2010/05/20 19:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
[2010/03/12 21:16:38 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 21:16:38 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 21:16:38 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 21:16:39 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/24 23:49:10 | 000,393,593 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.1 router
O1 - Hosts: 192.168.0.2 printerwired
O1 - Hosts: 192.168.0.3 printerwireless
O1 - Hosts: 127.0.0.1 .supercocklol.com
O1 - Hosts: 127.0.0.1 www..webloyalty.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 13594 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-796845957-152049171-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-796845957-152049171-725345543-1003\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe ()
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe ()
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Launch PC Probe II] C:\Program Files\ASUS\PC Probe II\Probe2.exe (ASUS)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-796845957-152049171-725345543-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-796845957-152049171-725345543-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-796845957-152049171-725345543-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wave.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-152049171-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Extract Flash Video with Bytescout... - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html ()
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: Extract Flash Video with Bytescout... - {789A1DA3-3DD3-4536-80DF-E33993E6D9C0} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html ()
O9 - Extra 'Tools' menuitem : Extract Flash Video with Bytescout... - {C803A8E1-A194-4767-8E8C-CDB25693DD08} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html ()
O9 - Extra Button: Flash Movie Extractor Scout - {CB49D928-FD87-4A5D-A7F9-8D8F530C39F9} - C:\Program Files\Flash Movie Extractor Scout\flashextract.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-796845957-152049171-725345543-1003\..Trusted Domains: firsttitle.eu ([sslvpn] http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-152049171-725345543-1003\..Trusted Domains: firsttitle.eu ([sslvpn] https in Trusted sites)
O15 - HKU\S-1-5-21-796845957-152049171-725345543-1003\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://sslvpn.firsttitle.eu/vdesk/terminal...0,2010,226,1307 (OPSWAT AntiViruses Class)
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://sslvpn.firsttitle.eu/vdesk/cachecle...,2009,0824,2121 (F5 Networks CacheCleaner)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://sslvpn.firsttitle.eu/vdesk/terminal...0,2010,226,1307 (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://sslvpn.firsttitle.eu/vdesk/terminal...,2008,1112,2313 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://sslvpn.firsttitle.eu/vdesk/terminal...,2009,0828,1616 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} https://sslvpn.firsttitle.eu/vdesk/terminal...0,2010,226,1307 (OPSWAT ProcessesScanner Class)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://sslvpn.firsttitle.eu/vdesk/terminal/f5InspectionHost.

#4 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 20 May 2010 - 05:11 PM

Here are the files as attachments as I'm not sure the logs were added in full in my previous post.

Mark

Attached Files



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 20 May 2010 - 06:41 PM

Hi,

please try running Gmer as follows:
please try to uncheck everything except sections as shown in this picture:


Let me know if the scan does now complete.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 21 May 2010 - 02:58 AM

Hi myrti

The GMER scan hung as before. Whole PC stopped responding (as before). Required a hard reboot.

Thanks,
Mark

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 21 May 2010 - 05:25 AM

Hi,

I would like you to run TDSSKiller again. The tool has been updated recently so please make sure that you download a fresh copy:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 21 May 2010 - 05:33 AM

Myrti

I have run TDSSKiller from the command line as requested. It didn't say "Hidden service detected". Here's the log.

Thanks,
Mark



11:31:19:625 7236 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
11:31:19:625 7236 ================================================================================
11:31:19:625 7236 SystemInfo:

11:31:19:625 7236 OS Version: 5.1.2600 ServicePack: 3.0
11:31:19:625 7236 Product type: Workstation
11:31:19:625 7236 ComputerName: RIMSKYTHREE
11:31:19:625 7236 UserName: Mark
11:31:19:625 7236 Windows directory: C:\WINDOWS
11:31:19:625 7236 Processor architecture: Intel x86
11:31:19:625 7236 Number of processors: 2
11:31:19:625 7236 Page size: 0x1000
11:31:19:625 7236 Boot type: Normal boot
11:31:19:625 7236 ================================================================================
11:31:35:343 7236 UnloadDriverW: NtUnloadDriver error 2
11:31:35:343 7236 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
11:31:35:578 7236 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
11:31:35:578 7236 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:31:35:578 7236 wfopen_ex: Trying to KLMD file open
11:31:35:578 7236 wfopen_ex: File opened ok (Flags 2)
11:31:35:578 7236 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
11:31:35:578 7236 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
11:31:35:578 7236 wfopen_ex: Trying to KLMD file open
11:31:35:578 7236 wfopen_ex: File opened ok (Flags 2)
11:31:35:593 7236 KLAVA engine initialized
11:31:37:140 7236 Initialize success
11:31:37:140 7236
11:31:37:140 7236 Scanning Services ...
11:31:38:359 7236 Raw services enum returned 392 services
11:31:38:390 7236
11:31:38:390 7236 Scanning Drivers ...
11:31:39:296 7236 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:31:39:390 7236 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:31:39:515 7236 adfs (ece68655d81d662bc961abc05ba9680e) C:\WINDOWS\system32\drivers\adfs.sys
11:31:39:578 7236 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:31:39:671 7236 AegisP (4b66e250c94c92522c33a759d5d273cb) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:31:39:781 7236 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
11:31:39:906 7236 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys
11:31:39:953 7236 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:31:40:046 7236 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
11:31:40:062 7236 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:31:40:140 7236 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:31:40:203 7236 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:31:40:265 7236 bizVSerial (df854d8ccf04ded2cea9fd90df9c3ba8) C:\WINDOWS\system32\drivers\bizVSerialNT.sys
11:31:40:343 7236 bkn50USB (6d39682a1051a5be7437ec99f1bf9921) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
11:31:40:437 7236 BlueletAudio (bc0e1c15e6fb3e20cd558f496ea684a0) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
11:31:40:453 7236 BT (8e2d9ece59dfe7d310201e0d65d97ecb) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
11:31:40:515 7236 Btcsrusb (942c602296119d758547808221c85a2c) C:\WINDOWS\system32\Drivers\btcusb.sys
11:31:40:578 7236 BtHidBus (ce441ccd98c5ecb10cb12fcaf97322ec) C:\WINDOWS\system32\Drivers\BtHidBus.sys
11:31:40:625 7236 BTHidEnum (161969d2dd1d39cd2f1edbc60c61fa99) C:\WINDOWS\system32\DRIVERS\vbtenum.sys
11:31:40:656 7236 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
11:31:40:687 7236 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\WINDOWS\system32\Drivers\btnetBus.sys
11:31:40:843 7236 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
11:31:40:906 7236 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:31:40:984 7236 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:31:41:062 7236 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:31:41:093 7236 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:31:41:156 7236 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:31:41:250 7236 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:31:41:312 7236 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:31:41:375 7236 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:31:41:500 7236 dmload (207877ddf55d58fb401264fc273e91b0) C:\WINDOWS\system32\drivers\dmload.sys
11:31:41:500 7236 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmload.sys. Real md5: 207877ddf55d58fb401264fc273e91b0, Fake md5: e9317282a63ca4d188c0df5e09c6ac5f
11:31:41:500 7236 File "C:\WINDOWS\system32\drivers\dmload.sys" infected by TDSS rootkit ... 11:31:42:578 7236 Backup copy found, using it..
11:31:42:671 7236 will be cured on next reboot
11:31:42:781 7236 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:31:42:843 7236 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:31:42:921 7236 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
11:31:42:921 7236 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
11:31:42:953 7236 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:31:43:000 7236 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:31:43:062 7236 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:31:43:125 7236 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:31:43:203 7236 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:31:43:328 7236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:31:43:375 7236 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:31:43:406 7236 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:31:43:484 7236 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
11:31:43:578 7236 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
11:31:43:671 7236 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:31:43:843 7236 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:31:43:921 7236 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:31:44:015 7236 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:31:44:265 7236 ialm (66a685b05066683621920bc14a45cfe8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:31:44:750 7236 icsak (267d0048ae39a5bb2a5effdd722becc8) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys
11:31:44:812 7236 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:31:45:000 7236 IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:31:45:390 7236 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:31:45:468 7236 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:31:45:546 7236 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:31:45:609 7236 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:31:45:656 7236 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:31:45:718 7236 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:31:45:796 7236 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
11:31:45:859 7236 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:31:45:906 7236 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:31:46:046 7236 ISWKL (6c614b6fd20194835c77346f6c34156e) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
11:31:46:093 7236 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\WINDOWS\system32\Drivers\IvtBtBus.sys
11:31:46:156 7236 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:31:46:187 7236 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:31:46:250 7236 kl1 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\kl1.sys
11:31:46:281 7236 KLIF (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\DRIVERS\klif.sys
11:31:46:359 7236 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:31:46:406 7236 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:31:46:625 7236 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
11:31:46:734 7236 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys
11:31:46:796 7236 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
11:31:46:906 7236 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:31:47:000 7236 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:31:47:046 7236 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:31:47:109 7236 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:31:47:125 7236 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:31:47:156 7236 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:31:47:250 7236 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:31:47:296 7236 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:31:47:421 7236 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
11:31:47:484 7236 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:31:47:515 7236 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:31:47:546 7236 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:31:47:593 7236 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:31:47:640 7236 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:31:47:718 7236 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
11:31:47:765 7236 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:31:47:828 7236 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:31:47:890 7236 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:31:47:921 7236 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:31:47:984 7236 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:31:48:046 7236 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:31:48:109 7236 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:31:48:171 7236 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:31:48:234 7236 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:31:48:281 7236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:31:48:312 7236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:31:48:359 7236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:31:48:453 7236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:31:48:515 7236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:31:48:546 7236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:31:48:593 7236 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:31:48:656 7236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:31:48:703 7236 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:31:48:765 7236 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
11:31:48:781 7236 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:31:48:843 7236 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:31:48:906 7236 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:31:48:984 7236 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
11:31:49:109 7236 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\WINDOWS\system32\drivers\pfc.sys
11:31:49:187 7236 Pnp680r (a1d7a9214b71ebbb6f31cb84aac15525) C:\WINDOWS\system32\DRIVERS\pnp680r.sys
11:31:49:203 7236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:31:49:234 7236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:31:49:281 7236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:31:49:312 7236 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:31:49:375 7236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:31:49:406 7236 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:31:49:484 7236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:31:49:546 7236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:31:49:640 7236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:31:49:671 7236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:31:49:718 7236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:31:49:781 7236 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:31:49:828 7236 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:31:49:843 7236 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:31:49:921 7236 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:31:49:984 7236 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
11:31:50:046 7236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:31:50:093 7236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:31:50:125 7236 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:31:50:187 7236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:31:50:250 7236 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:31:50:296 7236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:31:50:390 7236 sptd (cdd306493d5829e710ca56bb50bc3809) C:\WINDOWS\system32\Drivers\sptd.sys
11:31:50:390 7236 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdd306493d5829e710ca56bb50bc3809
11:31:50:421 7236 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:31:50:500 7236 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
11:31:50:546 7236 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
11:31:50:609 7236 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:31:50:656 7236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:31:50:750 7236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:31:50:843 7236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:31:50:937 7236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:31:50:968 7236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:31:51:031 7236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:31:51:062 7236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:31:51:109 7236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:31:51:187 7236 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
11:31:51:250 7236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:31:51:312 7236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:31:51:375 7236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:31:51:421 7236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:31:51:468 7236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:31:51:515 7236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:31:51:562 7236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:31:51:593 7236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:31:51:687 7236 VComm (0955553090e0a88614e5b8a02af9324c) C:\WINDOWS\system32\DRIVERS\VComm.sys
11:31:51:718 7236 VcommMgr (ea0d7c68dc77b478f1c08022b8afe8ca) C:\WINDOWS\system32\Drivers\VcommMgr.sys
11:31:51:765 7236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:31:51:843 7236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:31:51:921 7236 vsdatant (1045d05bbd5170565927d7653346c961) C:\WINDOWS\system32\vsdatant.sys
11:31:51:984 7236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:31:52:046 7236 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:31:52:156 7236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:31:52:187 7236 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:31:52:234 7236 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:31:52:281 7236 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:31:52:296 7236 Reboot required for cure complete..
11:31:52:328 7236 Cure on reboot scheduled successfully
11:31:52:328 7236
11:31:52:328 7236 Completed
11:31:52:328 7236
11:31:52:328 7236 Results:
11:31:52:328 7236 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
11:31:52:328 7236 File objects infected / cured / cured on reboot: 1 / 0 / 1
11:31:52:328 7236
11:31:52:328 7236 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
11:31:52:328 7236 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
11:31:52:328 7236 UnloadDriverW: NtUnloadDriver error 1
11:31:52:343 7236 KLMD(ARK) unloaded successfully


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 21 May 2010 - 08:12 AM

Hi,

please try running gmer again. Also please let me know if the redirects persist.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 21 May 2010 - 09:47 AM

Hi

GMER still makes the PC hang (even if I don't start scanning). However, I've not been redirected in recent minutes... Fingers crossed?

Ta,
Mark

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 22 May 2010 - 04:03 AM

Hi,

TDSSKiller removed an infection that will cause redirects. So it is quite possible that the redirects won't return.

Please run a scan with Eset:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 23 May 2010 - 02:37 AM

Myrti

Here's the report from Eset.

Mark

C:\Documents and Settings\Mark\Application Data\Desktopicon\eBayShortcuts.exe a variant of Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\15\71cfa04f-3a5f252b a variant of Java/Exploit.Agent.F trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\16\4ab810d0-15d73863 multiple threats deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\21\48c57615-3462448a a variant of Java/Exploit.Agent.F trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-35f1a558 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\32\2591d5a0-1123ef2e multiple threats deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\45\352e636d-256d85dc a variant of Java/Exploit.Agent.F trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\54\11c850f6-61f2c2a7 a variant of Java/TrojanDownloader.Agent.NAX trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\56\67d827b8-761da2e9 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\61\56b08ffd-6825ffc7 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Documents and Settings\Mark\Application Data\Sun\Java\Deployment\cache\6.0\62\4e5b5f3e-3eb7ccc1 multiple threats deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\240cbe63-37ac2b86 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined
C:\Installation Files\MyPhoneExplorer 1.7.5\MyPhoneExplorer_Setup_1.7.5.exe Win32/Adware.ADON application deleted - quarantined
C:\Installation Files\Unlocker 1.8.8\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 23 May 2010 - 04:45 AM

Hi,

this is looking good. How is your PC doing?

Please update your java next:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Rimsky

Rimsky
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:25 AM

Posted 23 May 2010 - 05:07 AM

Hi myrti

I have the following items with Java in the title:

Java™ 6 Update 18
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Jave Runtime Environment 6 (or similar title - already uninstalled it).

Do I need to uninstall the Updates as well as the JRE?

Thanks,
Mark

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:25 AM

Posted 23 May 2010 - 05:38 AM

Hi,

yes please also uninstall all updates. Java's update are not incremental, meaning that every update replaces the previous instead of being an addition.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users