
I have a new redirect in IE


  • This topic is locked
2 replies to this topic

#1 buysndeals

buysndeals

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:30528
  • Local time:11:42 AM

Posted 04 September 2010 - 12:23 PM

Attached File  ark.txt..log   19.63KB   0 downloads

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 16:54:42.53 on Thu 09/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.86 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\VxBlockServer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Roxio 2010\Roxio Burn\Roxio Burn.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Defogger.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyeBay&CurrentPage=MyeBayAllSelling&migrateVisitor=3
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [AudioDeck] c:\program files\via\viaudioi\sbadeck\ADeck.exe 1
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect2
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209752488453
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {2F8C6D1F-1995-40EF-9CAA-3ECC40F19A87} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2006-2-26 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [2006-3-28 91707]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-2-11 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-2-11 15856]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [2004-11-1 10368]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-15 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-15 243024]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2009-11-20 244608]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-2-11 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 EyelineService;Eyeline Video System;c:\program files\nch software\eyeline\eyeline.exe [2010-8-27 675844]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-26 10448]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-15 47640]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2009-9-19 91392]
R2 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2008-5-2 24576]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2007-11-30 5120]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553904]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 135664]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 cpuz132;cpuz132;\??\c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-12-7 42112]
S3 Normandy;Normandy SR2; [x]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\j:\ntglm7x.sys --> j:\NTGLM7X.sys [?]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-7-4 2077840]
S3 WLRAWMp50x86;WLRAWMp50x86 NDIS Protocol Driver;c:\windows\system32\drivers\wlrawmp50x86.sys --> c:\windows\system32\drivers\WLRAWMp50x86.sys [?]
S3 WLRAWSp50x86;WLRAWSp50x86 NDIS Protocol Driver;c:\windows\system32\drivers\wlrawsp50x86.sys --> c:\windows\system32\drivers\WLRAWSp50x86.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-09-02 20:54:06 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-09-02 14:56:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 14:56:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 15:34:37 0 d-----w- c:\program files\Trend Micro
2010-08-28 15:03:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 13:27:02 0 d-----w- c:\program files\NCH Swift Sound
2010-08-27 13:25:08 0 d-----w- c:\program files\NCH Software
2010-08-26 21:29:40 0 d-----w- c:\program files\WiLife Command Center
2010-08-26 21:29:23 0 d-----w- c:\docume~1\alluse~1\applic~1\WiLife
2010-08-26 20:39:18 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-08-26 20:37:20 0 d-----w- c:\docume~1\admini~1\applic~1\Logishrd
2010-08-26 14:01:17 0 d-----w- c:\docume~1\alluse~1\applic~1\magicJack
2010-08-26 13:58:19 0 d-----w- c:\docume~1\admini~1\applic~1\mjusbsp
2010-08-26 13:32:39 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-26 13:32:39 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-26 13:32:39 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-26 13:32:39 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-26 13:32:39 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-26 13:32:37 0 d-----w- c:\program files\Trojan Remover
2010-08-26 13:32:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-08-26 13:32:37 0 d-----w- c:\docume~1\admini~1\applic~1\Simply Super Software
2010-08-23 17:58:42 91648 --sha-r- c:\windows\system32\scredirx.dll
2010-08-10 16:37:07 0 d-----w- c:\program files\iPod
2010-08-10 16:36:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-10 16:28:16 0 d-----w- c:\program files\Bonjour
2010-08-09 16:21:49 0 d-----w- c:\docume~1\admini~1\applic~1\GetRightToGo
2010-08-09 16:16:10 0 d-----w- c:\program files\Microsoft
2010-08-09 16:15:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz

==================== Find3M ====================

2010-07-18 00:45:01 203776 --sh--w- c:\windows\system32\unrar.exe
2010-07-17 23:46:52 146432 ----a-w- c:\windows\system32\fxsapi32.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 13:03:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:03:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:02:13 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

============= FINISH: 16:56:53.98 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-04 12:38:48
Windows 5.1.2600 Service Pack 3, v.5973
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF7584514]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5684360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DrawTextExW 7E41E413 5 Bytes JMP 00DCCB0A
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CreateWindowExW 7E41F32B 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!UnhookWindowsHookEx 7E41F883 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DrawTextW 7E41FA72 5 Bytes JMP 00DCC94C
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!CallNextHookEx 7E42054E 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamW 7E425204 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!SetWindowsHookExW 7E42DFFE 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!SetClipboardData 7E430FAE 5 Bytes JMP 00DCC5D4
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamW 7E432082 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectA 7E43A08A 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxParamA 7E43B14C 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DrawTextA 7E43C70A 5 Bytes JMP 00DCC873
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DrawTextExA 7E43C741 5 Bytes JMP 00DCCA25
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxExA 7E45081C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!DialogBoxIndirectParamA 7E456D78 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] USER32.dll!MessageBoxIndirectW 7E4664CD 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00DCC7A9
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00DCCCD1
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00DCC6DF
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00DCCBEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00DCD07C
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00DCD143
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00DCB833
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DCC549
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DCC25D
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DCC465
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00DCB779
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DCC300
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DCC3A7
.text C:\Program Files\Internet Explorer\iexplore.exe[2908] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00DCBBA6
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DrawTextExW 7E41E413 5 Bytes JMP 00A7CB0A
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!CreateWindowExW 7E41F32B 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DrawTextW 7E41FA72 5 Bytes JMP 00A7C94C
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxParamW 7E425204 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!SetClipboardData 7E430FAE 5 Bytes JMP 00A7C5D4
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxIndirectParamW 7E432082 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxIndirectA 7E43A08A 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxParamA 7E43B14C 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DrawTextA 7E43C70A 5 Bytes JMP 00A7C873
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DrawTextExA 7E43C741 5 Bytes JMP 00A7CA25
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxExA 7E45081C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!DialogBoxIndirectParamA 7E456D78 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] USER32.dll!MessageBoxIndirectW 7E4664CD 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A7C7A9
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00A7CCD1
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00A7C6DF
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00A7CBEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00A7D07C
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00A7D143
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A7B833
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A7C549
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A7C25D
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A7C465
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A7B779
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A7C300
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A7C3A7
.text C:\Program Files\Internet Explorer\iexplore.exe[5548] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00A7BBA6
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DrawTextExW 7E41E413 5 Bytes JMP 00A7CB0A
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!CreateWindowExW 7E41F32B 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!UnhookWindowsHookEx 7E41F883 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DrawTextW 7E41FA72 5 Bytes JMP 00A7C94C
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!CallNextHookEx 7E42054E 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DialogBoxParamW 7E425204 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!SetWindowsHookExW 7E42DFFE 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!SetClipboardData 7E430FAE 5 Bytes JMP 00A7C5D4
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DialogBoxIndirectParamW 7E432082 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!MessageBoxIndirectA 7E43A08A 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DialogBoxParamA 7E43B14C 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DrawTextA 7E43C70A 5 Bytes JMP 00A7C873
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DrawTextExA 7E43C741 5 Bytes JMP 00A7CA25
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!MessageBoxExA 7E45081C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!DialogBoxIndirectParamA 7E456D78 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!MessageBoxIndirectW 7E4664CD 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A7C7A9
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00A7CCD1
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00A7C6DF
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00A7CBEF
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00A7D07C
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00A7D143
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A7B833
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A7C549
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A7C25D
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A7C465
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A7B779
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A7C300
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A7C3A7
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00A7BBA6

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86E30ECC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\acaptuser32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xC1 0xA6 0x41 0xAE ...
Reg HKLM\SOFTWARE\Classes\CLSID\{e84340bd-4104-462f-a489-f5ef11d3c4a0}@Model 200
Reg HKLM\SOFTWARE\Classes\CLSID\{e84340bd-4104-462f-a489-f5ef11d3c4a0}@Therad 16
Reg HKLM\SOFTWARE\Classes\CLSID\{e84340bd-4104-462f-a489-f5ef11d3c4a0}@MData 0x2B 0x8F 0x78 0x29 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\disk.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
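
A small triage script for a GMER log like the one above, added here as a worked example; it is not part of the original post and not GMER's own code. It parses the record types that carry the signal in this log (inline `.text` hooks, the `Device ->` line, `Reg` and `File` lines) and flags hooks whose JMP target GMER could not attribute to any named module, a non-empty AppInit_DLLs with LoadAppInit_DLLs set, drivers reported as modified, and a device object whose dispatch GMER reports as a bare address. The sample lines are copied from the log above and embedded so the script runs offline; the severity labels and the "network API" grouping are my own choices, not GMER's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the GMER log posted above, embedded here so the
# script runs offline. This is not a live scan result.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] USER32.dll!MessageBoxExW 7E4507F8 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A7C7A9
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A7B833
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A7C25D
.text C:\Program Files\Internet Explorer\iexplore.exe[5760] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A7C300
Device -> \Driver\atapi \Device\Harddisk0\DR0 86E30ECC
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\acaptuser32.dll
File C:\WINDOWS\system32\drivers\disk.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
"""

# Record shapes as they appear in GMER 1.0.15 text output (user-mode hook lines carry
# an optional trailing "<module path> (<description>)" when GMER can name the target).
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?\[\d+\]) (?P<export>[^\s!]+![^\s]+) "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]{8})"
    r"(?: (?P<module>.+))?$"
)
DEVICE_RE = re.compile(r"^Device -> (?P<driver>\S+) (?P<device>\S+) (?P<addr>[0-9A-Fa-f]{8})$")
REG_RE = re.compile(r"^Reg (?P<key>[^@]+)@(?P<name>\S*)(?: (?P<data>.*))?$")
FILE_RE = re.compile(r"^File (?P<path>.+?) suspicious modification$")

WINDOWS_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
NETWORK_DLLS = {"ws2_32.dll"}  # assumption: the socket API is what a redirect needs to touch


@dataclass
class Hook:
    process: str
    export: str
    addr: int
    target: int
    module: Optional[str]  # None when GMER printed no module after the JMP target


@dataclass
class Finding:
    severity: str
    kind: str
    detail: str


def parse_hooks(text: str) -> List[Hook]:
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["process"], m["export"], int(m["addr"], 16),
                              int(m["target"], 16), m["module"]))
    return hooks


def triage(text: str) -> List[Finding]:
    findings: List[Finding] = []

    # 1. Inline hooks whose JMP lands outside any image GMER could name. Group per
    #    process: one injected blob usually owns a tight range of targets.
    by_proc: Dict[str, List[Hook]] = {}
    for h in parse_hooks(text):
        if h.module is None:
            by_proc.setdefault(h.process, []).append(h)
    for proc, hs in by_proc.items():
        lo, hi = min(h.target for h in hs), max(h.target for h in hs)
        net = sorted({h.export for h in hs if h.export.split("!")[0].lower() in NETWORK_DLLS})
        detail = f"{proc}: {len(hs)} exports redirected to unnamed code at {lo:08X}-{hi:08X}"
        if net:
            detail += "; socket APIs hooked: " + ", ".join(net)
        findings.append(Finding("high" if net else "medium", "unattributed-inline-hook", detail))

    # 2. Device object whose dispatch GMER reports as a raw address instead of a driver image.
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            findings.append(Finding("high", "device-hijack",
                                    f"{m['device']} ({m['driver']}) dispatches to {m['addr']}, not a named driver"))

    # 3. AppInit_DLLs: a DLL here is loaded into every process that links user32.dll.
    reg: Dict[tuple, str] = {}
    for line in text.splitlines():
        m = REG_RE.match(line)
        if m:
            reg[(m["key"], m["name"])] = (m["data"] or "").strip()
    appinit = reg.get((WINDOWS_KEY, "AppInit_DLLs"), "")
    if appinit and reg.get((WINDOWS_KEY, "LoadAppInit_DLLs"), "") == "1":
        findings.append(Finding("high", "appinit-dll", f"AppInit_DLLs = {appinit} with LoadAppInit_DLLs=1"))

    # 4. Storage-stack drivers GMER reports as modified on disk.
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            findings.append(Finding("high", "modified-driver", f"{m['path']}: suspicious modification"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

Run it against a full `ark.txt` by replacing `SAMPLE_LOG` with the file contents. The point of grouping per process is that the hooks on `getaddrinfo`, `send` and `recv` all land in one small unnamed range, which is what an in-browser redirect looks like; the IEFRAME.dll-attributed hooks on the same process are legitimate and are left alone.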


#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 04 September 2010 - 02:38 PM

Good evening.

Take a trip to this webpage for download links and instructions for running Combofix by sUBs.*
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply.
  • Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

So long, and thanks for all the fish.

#3 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 09 September 2010 - 02:22 PM

As there has been no response for five days, this thread is now closed.

So long, and thanks for all the fish.
