Google results/links being redirected


  • This topic is locked
19 replies to this topic

#1 sherlockelly

sherlockelly

  • Members
  • 58 posts

Posted 05 October 2010 - 02:40 PM

Hello, this is a common problem, I can see, haha.

It just started the other night and I ran MWAB and SuperAnti-Spyware, which removed some stuff, but the redirects are still happening.

HiJack This! Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:43 PM, on 10/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Corel\Standby\Standby.exe
C:\Documents and Settings\Kelly\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8622 bytes

Edited by Noviciate, 05 October 2010 - 04:11 PM.
removed tags




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 12 October 2010 - 06:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts

Posted 12 October 2010 - 08:39 PM

Thanks for the response. Here is the information:

DDS Log:
QUOTE
DDS (Ver_10-10-10.03) - NTFSx86
Run by Kelly at 16:54:15.34 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.262 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Kelly\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea\youtube flv downloader\MoyeaCatcher.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Standby] "c:\program files\common files\corel\standby\Standby.exe" -START
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelly\applic~1\mozilla\firefox\profiles\zrwchchq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\documents and settings\kelly\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2009-4-17 58016]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2009-4-17 102463]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-8-18 28672]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S0 bojfjha;bojfjha;c:\windows\system32\drivers\vnxplyj.sys --> c:\windows\system32\drivers\vnxplyj.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\drivers\jakndis.sys --> c:\windows\system32\drivers\JakNDis.sys [?]
S3 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-8-18 221191]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2009-4-17 108256]

=============== Created Last 30 ================

2010-10-10 18:09:13 -------- d-----w- c:\program files\Veetle
2010-09-28 19:31:16 -------- d-----w- c:\program files\Moyea
2010-09-28 01:48:09 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-28 01:48:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-27 20:33:00 -------- d-----w- c:\docume~1\kelly\applic~1\Moyea
2010-09-27 20:13:37 -------- d-----w- c:\docume~1\kelly\locals~1\applic~1\Jaksta_LLC
2010-09-27 00:38:10 88 --sh--r- c:\docume~1\alluse~1\applic~1\AD8637D1B6.sys
2010-09-27 00:38:09 5642 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-09-27 00:35:44 -------- d-----w- c:\program files\SmartSound Software
2010-09-27 00:35:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2010-09-27 00:33:32 -------- d-----w- c:\windows\system32\windows media
2010-09-27 00:33:05 -------- d-----w- c:\windows\RegisteredPackages
2010-09-27 00:33:04 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-27 00:32:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-09-27 00:29:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2010-09-27 00:22:03 -------- d-----w- c:\program files\common files\Corel
2010-09-27 00:20:22 -------- d-----w- c:\program files\Windows Media Components
2010-09-27 00:19:31 -------- d-----w- c:\program files\common files\Ulead Systems
2010-09-27 00:18:08 -------- d-----w- c:\program files\Corel
2010-09-27 00:11:01 297808 ----a-w- c:\windows\system32\TBDC2.tmp
2010-09-26 22:02:43 -------- d-----w- c:\docume~1\kelly\applic~1\WinFF
2010-09-26 22:02:41 -------- d-----w- c:\program files\WinFF
2010-09-26 21:50:39 -------- d-----w- C:\OutputFolder
2010-09-26 21:45:39 -------- d-----w- c:\program files\DebugMode
2010-09-26 21:19:08 -------- d-----w- C:\085878c24386ec657d
2010-09-26 21:06:51 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-26 19:42:30 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2010-09-19 02:40:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 16:55:43.57 ===============



gmer log
QUOTE
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-12 18:37:09
Windows 5.1.2600 Service Pack 3
Running: otyjm78w.exe; Driver: C:\DOCUME~1\Kelly\LOCALS~1\Temp\kwnciaob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9153620]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB99A4DBF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1956] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00B48328

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \FileSystem\Cdfs \Cdfs A827D400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x97 0xD4 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xCD 0x45 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x41 0x42 0xBB 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x14 0xCC 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x35 0x92 0x92 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0x01 0x7D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x97 0xD4 0xE6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xCD 0x45 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x41 0x42 0xBB 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x14 0xCC 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x35 0x92 0x92 0xDE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0x01 0x7D 0xC9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0A 0x97 0xD4 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x8B 0xCD 0x45 0x4C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x41 0x42 0xBB 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x14 0xCC 0x45 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x35 0x92 0x92 0xDE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA4 0x01 0x7D 0xC9 ...

---- EOF - GMER 1.0.15 ----


#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:50 PM

Posted 13 October 2010 - 03:58 PM

There are a few entries there that need to go, but we need to check for a rootkit and its possible symptom, which will make cleaning the PC impossible.
  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close.
  • Finally, press Report and copy and paste the contents into your next reply. If you've rebooted, the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#5 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts
  • Local time:12:50 PM

Posted 13 October 2010 - 06:56 PM

TDSS:
QUOTE
2010/10/13 16:51:13.0985 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/13 16:51:13.0985 ================================================================================
2010/10/13 16:51:13.0985 SystemInfo:
2010/10/13 16:51:13.0985
2010/10/13 16:51:13.0985 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/13 16:51:13.0985 Product type: Workstation
2010/10/13 16:51:13.0985 ComputerName: KELLY-DFC7585FE
2010/10/13 16:51:13.0985 UserName: Kelly
2010/10/13 16:51:13.0985 Windows directory: C:\WINDOWS
2010/10/13 16:51:13.0985 System windows directory: C:\WINDOWS
2010/10/13 16:51:13.0985 Processor architecture: Intel x86
2010/10/13 16:51:13.0985 Number of processors: 1
2010/10/13 16:51:13.0985 Page size: 0x1000
2010/10/13 16:51:13.0985 Boot type: Normal boot
2010/10/13 16:51:13.0985 ================================================================================
2010/10/13 16:51:14.0406 Initialize success
2010/10/13 16:51:17.0260 ================================================================================
2010/10/13 16:51:17.0260 Scan started
2010/10/13 16:51:17.0260 Mode: Manual;
2010/10/13 16:51:17.0260 ================================================================================
2010/10/13 16:51:19.0183 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/13 16:51:19.0413 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/13 16:51:19.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/13 16:51:19.0693 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/13 16:51:20.0044 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/13 16:51:20.0214 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/13 16:51:20.0264 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/13 16:51:20.0314 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/13 16:51:20.0354 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/13 16:51:20.0384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/13 16:51:20.0665 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/13 16:51:20.0705 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/13 16:51:20.0815 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/13 16:51:20.0895 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/13 16:51:20.0935 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/13 16:51:21.0005 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/13 16:51:21.0055 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/13 16:51:21.0246 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2010/10/13 16:51:21.0316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/13 16:51:21.0396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/13 16:51:21.0586 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/10/13 16:51:21.0626 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/13 16:51:21.0676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/13 16:51:21.0756 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/13 16:51:21.0827 EntDrv51 (f45717d58b785b18c60c97aa1e9dbafa) C:\WINDOWS\system32\drivers\EntDrv51.sys
2010/10/13 16:51:21.0947 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/13 16:51:22.0017 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/13 16:51:22.0047 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/13 16:51:22.0067 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/13 16:51:22.0117 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/13 16:51:22.0177 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/13 16:51:22.0207 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/13 16:51:22.0257 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/13 16:51:22.0427 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/13 16:51:22.0568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/13 16:51:22.0688 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/13 16:51:22.0798 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/13 16:51:22.0828 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/13 16:51:22.0858 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/13 16:51:22.0898 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/13 16:51:23.0038 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/13 16:51:23.0489 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/13 16:51:23.0859 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/13 16:51:24.0140 IntcAzAudAddService (1a5b97b5bffde5742f4209f734c4faf0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/10/13 16:51:24.0430 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/10/13 16:51:24.0490 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/13 16:51:24.0530 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/13 16:51:24.0570 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/13 16:51:24.0600 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/13 16:51:24.0651 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/13 16:51:24.0691 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/13 16:51:24.0861 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/13 16:51:24.0921 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/13 16:51:25.0001 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/13 16:51:25.0041 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/13 16:51:25.0091 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/13 16:51:25.0191 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2010/10/13 16:51:25.0251 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/13 16:51:25.0352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/13 16:51:25.0402 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/13 16:51:25.0462 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/13 16:51:25.0522 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/13 16:51:25.0602 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/13 16:51:25.0672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/13 16:51:25.0752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/13 16:51:25.0832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/13 16:51:25.0872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/13 16:51:25.0942 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/13 16:51:26.0003 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/13 16:51:26.0043 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/13 16:51:26.0123 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/13 16:51:26.0153 NaiAvFilter1 (b7334eee4ad6d63daea7ce109a0dc7ae) C:\WINDOWS\system32\drivers\naiavf5x.sys
2010/10/13 16:51:26.0193 NaiAvTdi1 (8ae511ab181f63b72273ba41cb37f818) C:\WINDOWS\system32\drivers\mvstdi5x.sys
2010/10/13 16:51:26.0253 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/13 16:51:26.0373 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/13 16:51:26.0423 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/13 16:51:26.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/13 16:51:26.0473 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/13 16:51:26.0513 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/13 16:51:26.0533 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/13 16:51:26.0553 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/13 16:51:26.0603 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/13 16:51:26.0683 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/13 16:51:26.0724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/13 16:51:26.0814 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/13 16:51:26.0864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/13 16:51:26.0894 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/13 16:51:26.0944 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/13 16:51:26.0994 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/13 16:51:27.0084 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/13 16:51:27.0114 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/13 16:51:27.0174 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/13 16:51:27.0274 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/10/13 16:51:27.0364 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/13 16:51:27.0745 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/13 16:51:27.0835 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/13 16:51:27.0875 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/13 16:51:28.0096 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/13 16:51:28.0136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/13 16:51:28.0166 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/13 16:51:28.0186 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/13 16:51:28.0226 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/13 16:51:28.0246 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/13 16:51:28.0316 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/13 16:51:28.0426 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/13 16:51:28.0466 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/13 16:51:28.0546 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/10/13 16:51:28.0666 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/10/13 16:51:28.0676 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/10/13 16:51:28.0897 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/10/13 16:51:28.0967 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/13 16:51:29.0017 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/13 16:51:29.0057 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/10/13 16:51:29.0097 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/10/13 16:51:29.0127 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/13 16:51:29.0297 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/13 16:51:29.0397 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/13 16:51:29.0508 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/13 16:51:29.0568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/13 16:51:29.0668 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/13 16:51:29.0758 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/13 16:51:29.0828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/13 16:51:29.0898 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/13 16:51:30.0048 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/10/13 16:51:30.0108 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/13 16:51:30.0199 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/13 16:51:30.0359 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/13 16:51:30.0449 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/13 16:51:30.0509 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/13 16:51:30.0579 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2010/10/13 16:51:30.0699 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2010/10/13 16:51:30.0779 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2010/10/13 16:51:30.0849 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/13 16:51:30.0950 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/13 16:51:31.0040 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/13 16:51:31.0130 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/13 16:51:31.0260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/13 16:51:31.0340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/13 16:51:31.0410 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/13 16:51:31.0490 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/13 16:51:31.0550 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/13 16:51:31.0621 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/13 16:51:31.0691 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/13 16:51:31.0781 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/10/13 16:51:31.0851 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/13 16:51:31.0901 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/13 16:51:32.0071 w29n51 (f0608f3b5b6d16f4870e867f9d069b6b) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/10/13 16:51:32.0372 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/13 16:51:32.0592 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/13 16:51:32.0782 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/13 16:51:32.0892 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/13 16:51:33.0023 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/10/13 16:51:33.0123 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/13 16:51:33.0203 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/13 16:51:33.0283 yukonwxp (7d1def979b4e536e12882ee84f7c719a) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/10/13 16:51:33.0563 ================================================================================
2010/10/13 16:51:33.0563 Scan finished
2010/10/13 16:51:33.0563 ================================================================================
2010/10/13 16:53:04.0464 Deinitialize success



MBRCheck:
QUOTE
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7AD6000 \WINDOWS\system32\KDCOM.DLL
0xF79E6000 \WINDOWS\system32\BOOTVID.dll
0xF7587000 ACPI.sys
0xF7AD8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7576000 pci.sys
0xF75D6000 isapnp.sys
0xF75E6000 ohci1394.sys
0xF75F6000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7461000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF79EA000 compbatt.sys
0xF79EE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B9E000 PCIIde.sys
0xF7856000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7ADA000 intelide.sys
0xF7443000 pcmcia.sys
0xF7606000 MountMgr.sys
0xF7424000 ftdisk.sys
0xF7ADC000 dmload.sys
0xF73FE000 dmio.sys
0xF79F2000 ACPIEC.sys
0xF7B9F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF785E000 PartMgr.sys
0xF7616000 VolSnap.sys
0xF73E6000 atapi.sys
0xF7626000 disk.sys
0xF7636000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73C6000 fltMgr.sys
0xF73B4000 sr.sys
0xF739D000 KSecDD.sys
0xF7310000 Ntfs.sys
0xF72E3000 NDIS.sys
0xF72C9000 Mup.sys
0xF76C6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA7FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9C61000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9C4D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9C25000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9BEA000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF791E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9BC6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7926000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB99A8000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF76E6000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9980000 \SystemRoot\system32\drivers\tifm21.sys
0xB996C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF76F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF794E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB993D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B04000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF795E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7706000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7716000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7726000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB991A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7976000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7CAA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA1E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9903000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77F6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB98F2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7806000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78B6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB98C2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7816000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B0A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9864000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7B0C000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xF7826000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA92DD000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA92B9000 \SystemRoot\system32\drivers\portcls.sys
0xF7666000 \SystemRoot\system32\drivers\drmk.sys
0xF7676000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF78F6000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF7686000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xF76A6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B2C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BD6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B2E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7936000 \SystemRoot\System32\drivers\vga.sys
0xF7B32000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B36000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9280000 \SystemRoot\System32\Drivers\meiudf.sys
0xA926F000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF7946000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7966000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7E0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA925C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9203000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF76B6000 \SystemRoot\system32\drivers\mvstdi5x.sys
0xA91DD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA91B5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF76D6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9193000 \SystemRoot\System32\drivers\afd.sys
0xF7736000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9149000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7746000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF797E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA907E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA900E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7756000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8FF6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B3C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7AA6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7996000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C20000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8EC2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8EB2000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA8C49000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8D86000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8654000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA837D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA80BC000 \SystemRoot\System32\Drivers\HTTP.sys
0xF79CE000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA7DC6000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA7CE7000 \??\C:\DOCUME~1\Kelly\LOCALS~1\Temp\kwnciaob.sys
0xA827D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7B9A000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA7338000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
776 C:\WINDOWS\system32\smss.exe
824 csrss.exe
852 C:\WINDOWS\system32\winlogon.exe
904 C:\WINDOWS\system32\services.exe
916 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
1308 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1352 svchost.exe
1444 svchost.exe
1664 C:\WINDOWS\system32\spoolsv.exe
1956 C:\WINDOWS\explorer.exe
548 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
556 C:\Program Files\Network Associates\VirusScan\shstat.exe
616 C:\WINDOWS\system32\TPSMain.exe
688 C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
1112 C:\WINDOWS\system32\hkcmd.exe
1216 C:\WINDOWS\RTHDCPL.exe
1248 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
1256 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
1276 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1576 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1608 C:\WINDOWS\system32\ctfmon.exe
1752 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
164 C:\WINDOWS\system32\TPSBattM.exe
196 C:\WINDOWS\system32\RAMASST.exe
764 svchost.exe
808 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
920 C:\Program Files\Bonjour\mDNSResponder.exe
1104 C:\WINDOWS\system32\DVDRAMSV.exe
1756 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1696 C:\Program Files\Java\jre6\bin\jqs.exe
276 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
316 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
456 naPrdMgr.exe
520 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
540 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
636 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
668 C:\WINDOWS\system32\svchost.exe
700 C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
2392 wmiprvse.exe
2772 C:\WINDOWS\system32\wbem\unsecapp.exe
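Reading MBRCheck and TDSSKiller driver listings like the ones above by hand is slow. The Python below is added here as an illustration; it is not part of this thread and not code from either tool. It normalizes the three path spellings the tools print (`\SystemRoot\...`, `\??\C:\...`, and bare boot-driver names such as `ACPI.sys`) and flags drivers loaded from a temporary directory or from outside `system32` for review. The sample lines are copied from the logs in this post; the assumption that Windows lives in `C:\WINDOWS` comes from the TDSSKiller header in the same post. A driver in a user's Temp folder is a prompt to look closer, not a verdict: anti-rootkit scanners themselves frequently load a randomly named helper driver from there while they run.

```python
import re

# Assumption (taken from the TDSSKiller header in this post): Windows is installed in C:\WINDOWS.
WINDIR = "c:\\windows"
SYSTEM32 = WINDIR + "\\system32"

# MBRCheck "Kernel Drivers" line: load address, then image path.
MBRCHECK_RE = re.compile(r"^0x[0-9A-Fa-f]+\s+(\S.*)$")
# TDSSKiller driver line: timestamp, service name, (md5), image path.
TDSS_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2}\s+[\d:.]+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$"
)

# Constructed sample: a handful of lines copied from the MBRCheck and TDSSKiller logs above.
SAMPLE_LOG = r"""
Kernel Drivers (total 134):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF7587000 ACPI.sys
0xF76C6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xA9149000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xA7CE7000 \??\C:\DOCUME~1\Kelly\LOCALS~1\Temp\kwnciaob.sys
2010/10/13 16:51:19.0183 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/13 16:51:21.0246 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
"""


def normalize_path(raw):
    """Turn the path spellings these tools print into one lowercase DOS path."""
    p = raw.strip()
    if p.startswith("\\??\\"):          # NT object-manager prefix, e.g. \??\C:\...
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):  # \SystemRoot\... -> C:\WINDOWS\...
        low = WINDIR + low[len("\\systemroot"):]
    elif low.startswith("\\windows\\"):   # \WINDOWS\... printed without a drive letter
        low = "c:" + low
    elif "\\" not in low:
        # Boot-start drivers are printed as bare file names; they live in system32\drivers.
        low = SYSTEM32 + "\\drivers\\" + low
    return low


def parse_line(line):
    """Return (service_name, md5, raw_path) for a driver line from either tool, else None."""
    m = TDSS_RE.match(line)
    if m:
        return m.group(1), m.group(2).lower(), m.group(3)
    m = MBRCHECK_RE.match(line)
    if m:
        return None, None, m.group(1)
    return None


def classify(path):
    """Return review reasons for a normalized driver path (empty list = nothing unusual)."""
    reasons = []
    if "\\temp\\" in path or "\\tmp\\" in path:
        reasons.append("kernel driver loaded from a temporary directory")
    if not path.startswith(SYSTEM32 + "\\"):
        reasons.append("kernel driver outside system32 (third-party or unexpected location)")
    return reasons


def triage(lines):
    """Walk MBRCheck/TDSSKiller log lines and collect the drivers worth a second look."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, md5, raw = parsed
        path = normalize_path(raw)
        reasons = classify(path)
        if reasons:
            findings.append({"name": name, "md5": md5, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

Anything flagged only as "outside system32" is usually a legitimately installed third-party driver (here the SUPERAntiSpyware and SystemRequirementsLab ones); the temp-directory rule is the one that deserves attention first, and the MD5 that TDSSKiller prints next to each driver is what you would look up before drawing any conclusion.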


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:07:50 PM

Posted 13 October 2010 - 07:31 PM

The MBR log is missing the end. Check and either report or rerun and then post.

If, after that, it still doesn't generate the whole log, run RKU.

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

m0le is a proud member of UNITE

#7 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts
  • Local time:12:50 PM

Posted 13 October 2010 - 09:09 PM

MBRCheck
QUOTE
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7AD6000 \WINDOWS\system32\KDCOM.DLL
0xF79E6000 \WINDOWS\system32\BOOTVID.dll
0xF7587000 ACPI.sys
0xF7AD8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7576000 pci.sys
0xF75D6000 isapnp.sys
0xF75E6000 ohci1394.sys
0xF75F6000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7461000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF79EA000 compbatt.sys
0xF79EE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B9E000 PCIIde.sys
0xF7856000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7ADA000 intelide.sys
0xF7443000 pcmcia.sys
0xF7606000 MountMgr.sys
0xF7424000 ftdisk.sys
0xF7ADC000 dmload.sys
0xF73FE000 dmio.sys
0xF79F2000 ACPIEC.sys
0xF7B9F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF785E000 PartMgr.sys
0xF7616000 VolSnap.sys
0xF73E6000 atapi.sys
0xF7626000 disk.sys
0xF7636000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73C6000 fltMgr.sys
0xF73B4000 sr.sys
0xF739D000 KSecDD.sys
0xF7310000 Ntfs.sys
0xF72E3000 NDIS.sys
0xF72C9000 Mup.sys
0xF76C6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA7FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9C61000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9C4D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9C25000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9BEA000 \SystemRoot\system32\DRIVERS\yk51x86.sys
0xF791E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9BC6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7926000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF76E6000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9980000 \SystemRoot\system32\drivers\tifm21.sys
0xB996C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF76F6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF794E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB993D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7B04000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF795E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7706000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7716000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7726000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB991A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7976000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7CAA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA1E6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9903000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77F6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78A6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB98F2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7806000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78B6000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB98C2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7816000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7B0A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9864000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A76000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7B0C000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xF7826000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA92DD000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA92B9000 \SystemRoot\system32\drivers\portcls.sys
0xF7666000 \SystemRoot\system32\drivers\drmk.sys
0xF7676000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF78E6000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF78F6000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF7686000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xF76A6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B2C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BD6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B2E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7936000 \SystemRoot\System32\drivers\vga.sys
0xF7B32000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B36000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xA9280000 \SystemRoot\System32\Drivers\meiudf.sys
0xA926F000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF7946000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7966000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7E0000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA925C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA9203000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF76B6000 \SystemRoot\system32\drivers\mvstdi5x.sys
0xA91DD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA91B5000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF76D6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA9193000 \SystemRoot\System32\drivers\afd.sys
0xF7736000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9149000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7746000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF797E000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA907E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA900E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7756000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8FF6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B3C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7AA6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7996000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C20000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1CC000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8EC2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8EB2000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA8C49000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8D86000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8654000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA837D000 \SystemRoot\system32\DRIVERS\srv.sys
0xA80BC000 \SystemRoot\System32\Drivers\HTTP.sys
0xF79CE000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA7DC6000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA7CE7000 \??\C:\DOCUME~1\Kelly\LOCALS~1\Temp\kwnciaob.sys
0xA827D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7B9A000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA7157000 \SystemRoot\system32\DRIVERS\w29n51.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
0 System Idle Process
4 System
776 C:\WINDOWS\system32\smss.exe
824 csrss.exe
852 C:\WINDOWS\system32\winlogon.exe
904 C:\WINDOWS\system32\services.exe
916 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\svchost.exe
1148 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
1308 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1352 svchost.exe
1444 svchost.exe
1664 C:\WINDOWS\system32\spoolsv.exe
1956 C:\WINDOWS\explorer.exe
548 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
556 C:\Program Files\Network Associates\VirusScan\shstat.exe
616 C:\WINDOWS\system32\TPSMain.exe
688 C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
1112 C:\WINDOWS\system32\hkcmd.exe
1216 C:\WINDOWS\RTHDCPL.exe
1248 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
1256 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
1276 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1576 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1608 C:\WINDOWS\system32\ctfmon.exe
1752 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
164 C:\WINDOWS\system32\TPSBattM.exe
196 C:\WINDOWS\system32\RAMASST.exe
764 svchost.exe
808 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
920 C:\Program Files\Bonjour\mDNSResponder.exe
1104 C:\WINDOWS\system32\DVDRAMSV.exe
1756 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1696 C:\Program Files\Java\jre6\bin\jqs.exe
276 C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
316 C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
456 naPrdMgr.exe
520 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
540 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
636 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
668 C:\WINDOWS\system32\svchost.exe
700 C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
2392 wmiprvse.exe
2772 C:\WINDOWS\system32\wbem\unsecapp.exe
3092 wmiprvse.exe
3172 alg.exe
3232 C:\WINDOWS\system32\wscntfy.exe
3028 C:\WINDOWS\system32\wuauclt.exe
4048 C:\WINDOWS\system32\svchost.exe
1940 C:\Program Files\Mozilla Firefox\firefox.exe
372 C:\Program Files\Mozilla Firefox\plugin-container.exe
2788 C:\Documents and Settings\Kelly\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1234GSX, Rev: AH001A

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
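What the MBRCheck output above is reporting: `\\.\C:` starts at byte offset 0x7e00 because partition 1 begins at LBA 63 (63 × 512 bytes), and the SHA1 is a fingerprint of the boot sector that is compared against known loaders. The script below is an added example, not MBRCheck's own code: it parses a 512-byte sector, checks the 0x55AA signature, hashes the 440-byte boot-code area (an assumption about what a known-good comparison should cover, not a statement of MBRCheck's exact method) and computes each partition's byte offset. The sample sector, the disk signature 0xDEADBEEF and the `is_known_good` helper are constructed for the example.

```python
"""Parse a 512-byte MBR: verify the 0x55AA signature, hash the boot-code area
and work out each partition's byte offset (the 0x7e00 MBRCheck reported for C:).
Added example, not MBRCheck's code; the sample sector is constructed."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot loader code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511


def parse_partition_table(mbr):
    """Return the non-empty primary partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:          # type 0x00 = unused slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "byte_offset": lba * SECTOR})
    return parts


def mbr_report(mbr):
    """Summarise one sector the way an MBR checker would."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly %d bytes" % SECTOR)
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        # Hash only the code area: the disk signature (bytes 440..443) and the
        # partition table differ per machine and would defeat a known-good comparison.
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "partitions": parse_partition_table(mbr),
    }


def build_sample_mbr():
    """Constructed sample: dummy boot code, one bootable NTFS (type 0x07) partition at LBA 63."""
    code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # disk signature + 2 reserved bytes
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 232_500_000)
    empty = b"\x00" * 16
    return code + disk_sig + ntfs + empty * 3 + MBR_SIGNATURE


def is_known_good(mbr, known_sha1s):
    """True when the boot code hashes to one of the caller's known-good values."""
    return mbr_report(mbr)["boot_code_sha1"] in {h.upper() for h in known_sha1s}


if __name__ == "__main__":
    # On a live Windows box read the real sector as Administrator with
    # open(r"\\.\PhysicalDrive0", "rb").read(512) instead of the constructed sample.
    print(mbr_report(build_sample_mbr()))
```

A partition whose `byte_offset` does not match what the OS reports for the volume, or a boot-code hash that is not in the known-good set, is the cue to look for a bootkit; a good signature alone proves nothing, since every MBR, infected or not, ends in 0x55AA.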


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:50 PM

Posted 13 October 2010 - 09:23 PM

No rootkits to watch out for, but there may still be another type or a trojan (something is controlling the redirects), so please run ComboFix.

Please download ComboFix from one of these locations:
  • IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#9 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:12:50 PM

Posted 13 October 2010 - 09:48 PM

ComboFix:
QUOTE
ComboFix 10-10-12.03 - Kelly 10/13/2010 19:34:49.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.140 [GMT -7:00]
Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kelly\Local Settings\Application Data\Windows Server
c:\documents and settings\Kelly\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Kelly\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-10 18:09 . 2010-10-10 18:09 -------- d-----w- c:\program files\Veetle
2010-09-28 19:31 . 2010-09-28 19:31 -------- d-----w- c:\program files\Moyea
2010-09-28 18:38 . 2010-09-28 18:38 -------- d-----w- c:\program files\Common Files\Java
2010-09-28 01:48 . 2010-09-28 01:48 -------- d-----w- c:\documents and settings\Kelly\Application Data\Leawo
2010-09-28 01:48 . 2010-09-28 01:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-28 01:48 . 2006-07-18 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-28 01:48 . 2004-04-05 17:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-28 01:48 . 2010-09-28 01:48 -------- d-----w- c:\program files\Leawo
2010-09-27 20:33 . 2010-09-27 20:33 -------- d-----w- c:\documents and settings\Kelly\Application Data\Moyea
2010-09-27 20:13 . 2010-09-27 20:13 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Jaksta_LLC
2010-09-27 03:48 . 2010-09-27 03:49 -------- d-----w- c:\documents and settings\Kelly\Application Data\Mp3tag
2010-09-27 03:47 . 2010-09-27 03:47 -------- d-----w- c:\program files\Mp3tag
2010-09-27 00:38 . 2010-09-28 01:42 88 --sh--r- c:\documents and settings\All Users\Application Data\AD8637D1B6.sys
2010-09-27 00:38 . 2010-09-27 00:38 -------- d-----w- c:\documents and settings\Kelly\Application Data\Corel
2010-09-27 00:38 . 2010-09-28 02:46 5642 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-27 00:36 . 2010-09-27 05:14 -------- d-----w- c:\documents and settings\Kelly\Application Data\Ulead Systems
2010-09-27 00:35 . 2010-09-27 00:36 -------- d-----w- c:\program files\SmartSound Software
2010-09-27 00:35 . 2010-09-27 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-09-27 00:34 . 2010-09-27 00:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-09-27 00:33 . 2010-09-27 00:33 -------- d-----w- c:\windows\system32\windows media
2010-09-27 00:33 . 2010-09-27 00:33 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-27 00:32 . 2010-09-27 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-09-27 00:29 . 2010-09-27 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-09-27 00:22 . 2010-09-27 00:22 -------- d-----w- c:\program files\Common Files\Protexis
2010-09-27 00:22 . 2010-09-27 00:22 -------- d-----w- c:\program files\Common Files\Corel
2010-09-27 00:20 . 2010-09-27 00:20 -------- d-----w- c:\program files\Windows Media Components
2010-09-27 00:19 . 2010-09-27 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-09-27 00:19 . 2010-09-27 00:19 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-09-27 00:18 . 2010-09-27 00:31 -------- d-----w- c:\program files\Corel
2010-09-27 00:11 . 2009-11-07 08:07 297808 ----a-w- c:\windows\system32\TBDC2.tmp
2010-09-26 22:02 . 2010-09-26 22:52 -------- d-----w- c:\documents and settings\Kelly\Application Data\WinFF
2010-09-26 22:02 . 2010-09-26 22:02 -------- d-----w- c:\program files\WinFF
2010-09-26 21:50 . 2010-09-26 21:52 -------- d-----w- C:\OutputFolder
2010-09-26 21:50 . 2010-09-26 21:50 -------- d-----w- c:\program files\Digiarty
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\program files\Pure Motion
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\program files\Sonic Foundry
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\program files\DebugMode
2010-09-26 21:26 . 2010-09-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-09-26 21:19 . 2010-09-26 21:19 -------- d-----w- C:\085878c24386ec657d
2010-09-26 21:06 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-26 19:42 . 2010-09-26 19:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-09-19 02:40 . 2010-07-17 09:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-26 113664]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-4-17 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Kelly^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Kelly\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2004-08-06 10:50 139320 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
2003-10-07 16:48 147514 ----a-w- c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-28 14:04 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 19:25 73728 ----a-w- c:\program files\Toshiba\Tvs\TvsTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Kelly\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2850:TCP"= 2850:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/17/2009 4:13 PM 58016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S0 bojfjha;bojfjha;c:\windows\system32\drivers\vnxplyj.sys --> c:\windows\system32\drivers\vnxplyj.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2009 8:03 PM 716272]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\zrwchchq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\documents and settings\Kelly\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSMain.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-10-13 19:46:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 02:46
ComboFix2.txt 2010-03-13 01:39

Pre-Run: 79,856,128,000 bytes free
Post-Run: 82,394,939,392 bytes free

- - End Of File - - 9118ACFE4DCEB1A1A5EE0A884C027235


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:50 PM

Posted 14 October 2010 - 05:29 PM

We need to rerun ComboFix to clear up some things there.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

QUOTE
File::
c:\windows\system32\drivers\vnxplyj.sys

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Driver::
bojfjha


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
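The CFScript in the post above was built from three things in the ComboFix log: a boot-start service (`S0 bojfjha`) whose driver file no longer exists (ComboFix prints `path --> path [?]` for that), a browser proxy pointed at 127.0.0.1:5643 (the mechanism behind the redirects), and registry keys ComboFix could not read (`@Denied: ... (Everyone)`) together with their subkeys. The Python script below is an added example, not ComboFix's or BleepingComputer's code: it pulls those indicators out of a handful of lines copied from the log (a constructed sample) and renders them as the `File::`, `DDS::`, `RegLock::` and `Driver::` sections ComboFix reads from CFScript.txt. The `Finding` record and the `high`/`review` severities are this script's own conventions. Note that it also flags the S3 `JakNDisMP` entry, which the helper chose not to script; the tool surfaces candidates, a person still decides what goes into the script.

```python
"""Triage a ComboFix log for missing-binary services, loopback proxies and locked
registry keys, then render the findings as CFScript sections. Added example, not
ComboFix's own code; the finding kinds and severities are this script's conventions."""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind subject detail severity")

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S0 bojfjha;bojfjha;c:\windows\system32\drivers\vnxplyj.sys --> c:\windows\system32\drivers\vnxplyj.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2009 8:03 PM 716272]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
"""

# ComboFix service line: "<R|S><start type> name;display;path [--> path] [date size | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS])(?P<type>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+-->\s+(?P<target>.+?))?\s+\[(?P<info>[^\]]*)\]$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:")


def parse_proxy_hosts(value):
    """'http=127.0.0.1:5643;https=proxy:8080' -> ['127.0.0.1', 'proxy'] (IPv4/hostname form)."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        hostport = part.split("=", 1)[1] if "=" in part else part
        hosts.append(hostport.rsplit(":", 1)[0])
    return hosts


def is_loopback(host):
    """True for localhost or any 127.0.0.0/8 / ::1 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Scan one log and return Finding records in log order."""
    findings, locked_prefixes = [], []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = SERVICE_RE.match(line)
        if m:
            # '[?]' means the registration survives but its binary is gone. A boot-start
            # (S0) driver in that state is the classic remnant of a rootkit dropper.
            if m.group("info").strip() == "?":
                sev = "high" if m.group("type") == "0" else "review"
                findings.append(Finding("missing_binary", m.group("name"), m.group("path"), sev))
            continue
        m = PROXY_RE.match(line)
        if m:
            # A proxy on the loopback interface forces browser traffic through a local
            # listener, which is how a redirector rewrites search results.
            for host in parse_proxy_hosts(m.group("value")):
                if is_loopback(host):
                    findings.append(Finding("loopback_proxy", line, host, "high"))
            continue
        m = KEY_RE.match(line)
        if m:
            # A key followed by '@Denied:' could not be read; its subkeys are locked with it.
            key = m.group("key")
            denied = i + 1 < len(lines) and DENIED_RE.match(lines[i + 1]) is not None
            if denied:
                locked_prefixes.append(key + "\\")
            if denied or any(key.startswith(p) for p in locked_prefixes):
                detail = lines[i + 1] if denied else "subkey of a locked key"
                findings.append(Finding("locked_key", key, detail, "review"))
    return findings


def cfscript(findings):
    """Render findings as the CFScript sections ComboFix reads from CFScript.txt."""
    sections = {"File::": [], "DDS::": [], "RegLock::": [], "Driver::": []}
    for f in findings:
        if f.kind == "missing_binary":
            sections["File::"].append(f.detail)
            sections["Driver::"].append(f.subject)
        elif f.kind == "loopback_proxy" and f.subject not in sections["DDS::"]:
            sections["DDS::"].append(f.subject)
        elif f.kind == "locked_key":
            sections["RegLock::"].append("[" + f.subject + "]")
    return "\n\n".join(h + "\n" + "\n".join(v) for h, v in sections.items() if v) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.severity, f.kind, f.subject)
    # Drop the entry the helper judged benign before emitting the script.
    print(cfscript([f for f in found if f.subject != "JakNDisMP"]))
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the `review` findings are the ones to check by hand (the locked FlashBroker keys, for instance, belong to a legitimately installed Flash Player and were scripted here only to make them readable again).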

#11 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:12:50 PM

Posted 14 October 2010 - 06:42 PM

QUOTE
ComboFix 10-10-12.03 - Kelly 10/14/2010 16:28:07.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.556 [GMT -7:00]
Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kelly\Desktop\CFScript.txt.txt

FILE ::
"c:\windows\system32\drivers\vnxplyj.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_bojfjha


((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-10 18:09 . 2010-10-10 18:09 -------- d-----w- c:\program files\Veetle
2010-09-28 19:31 . 2010-09-28 19:31 -------- d-----w- c:\program files\Moyea
2010-09-28 18:38 . 2010-09-28 18:38 -------- d-----w- c:\program files\Common Files\Java
2010-09-28 01:48 . 2010-09-28 01:48 -------- d-----w- c:\documents and settings\Kelly\Application Data\Leawo
2010-09-28 01:48 . 2010-09-28 01:48 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-28 01:48 . 2006-07-18 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-28 01:48 . 2004-04-05 17:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-28 01:48 . 2010-09-28 01:48 -------- d-----w- c:\program files\Leawo
2010-09-27 20:33 . 2010-09-27 20:33 -------- d-----w- c:\documents and settings\Kelly\Application Data\Moyea
2010-09-27 20:13 . 2010-09-27 20:13 -------- d-----w- c:\documents and settings\Kelly\Local Settings\Application Data\Jaksta_LLC
2010-09-27 03:48 . 2010-09-27 03:49 -------- d-----w- c:\documents and settings\Kelly\Application Data\Mp3tag
2010-09-27 03:47 . 2010-09-27 03:47 -------- d-----w- c:\program files\Mp3tag
2010-09-27 00:38 . 2010-09-28 01:42 88 --sh--r- c:\documents and settings\All Users\Application Data\AD8637D1B6.sys
2010-09-27 00:38 . 2010-09-27 00:38 -------- d-----w- c:\documents and settings\Kelly\Application Data\Corel
2010-09-27 00:38 . 2010-09-28 02:46 5642 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-09-27 00:36 . 2010-09-27 05:14 -------- d-----w- c:\documents and settings\Kelly\Application Data\Ulead Systems
2010-09-27 00:35 . 2010-09-27 00:36 -------- d-----w- c:\program files\SmartSound Software
2010-09-27 00:35 . 2010-09-27 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-09-27 00:34 . 2010-09-27 00:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-09-27 00:33 . 2010-09-27 00:33 -------- d-----w- c:\windows\system32\windows media
2010-09-27 00:33 . 2010-09-27 00:33 -------- d--h--w- c:\windows\msdownld.tmp
2010-09-27 00:32 . 2010-09-27 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-09-27 00:29 . 2010-09-27 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-09-27 00:22 . 2010-09-27 00:22 -------- d-----w- c:\program files\Common Files\Protexis
2010-09-27 00:22 . 2010-09-27 00:22 -------- d-----w- c:\program files\Common Files\Corel
2010-09-27 00:20 . 2010-09-27 00:20 -------- d-----w- c:\program files\Windows Media Components
2010-09-27 00:19 . 2010-09-27 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-09-27 00:19 . 2010-09-27 00:19 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-09-27 00:18 . 2010-09-27 00:31 -------- d-----w- c:\program files\Corel
2010-09-27 00:11 . 2009-11-07 08:07 297808 ----a-w- c:\windows\system32\TBDC2.tmp
2010-09-26 22:02 . 2010-09-26 22:52 -------- d-----w- c:\documents and settings\Kelly\Application Data\WinFF
2010-09-26 22:02 . 2010-09-26 22:02 -------- d-----w- c:\program files\WinFF
2010-09-26 21:50 . 2010-09-26 21:52 -------- d-----w- C:\OutputFolder
2010-09-26 21:50 . 2010-09-26 21:50 -------- d-----w- c:\program files\Digiarty
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\program files\Pure Motion
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\program files\Sonic Foundry
2010-09-26 21:45 . 2010-09-26 21:45 -------- d-----w- c:\program files\DebugMode
2010-09-26 21:26 . 2010-09-26 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-09-26 21:19 . 2010-09-26 21:19 -------- d-----w- C:\085878c24386ec657d
2010-09-26 21:06 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-26 19:42 . 2010-09-26 19:42 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2010-09-19 02:40 . 2010-07-17 09:42 73728 ----a-w- c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 15473664]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2010-06-26 105632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-26 113664]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-4-17 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Kelly^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Kelly\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-01-13 16:47 131072 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2004-08-06 10:50 139320 ----a-w- c:\program files\Network Associates\Common Framework\UpdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
2003-10-07 16:48 147514 ----a-w- c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 16:46 135168 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-28 14:04 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
2005-11-30 19:25 73728 ----a-w- c:\program files\Toshiba\Tvs\TvsTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Kelly\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2850:TCP"= 2850:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [4/17/2009 4:13 PM 58016]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/22/2009 8:03 PM 716272]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys --> c:\windows\system32\DRIVERS\JakNDis.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\zrwchchq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\documents and settings\Kelly\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TPSMain.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-14 16:40:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-14 23:40
ComboFix2.txt 2010-10-14 02:46
ComboFix3.txt 2010-03-13 01:39

Pre-Run: 82,228,822,016 bytes free
Post-Run: 82,128,330,752 bytes free

- - End Of File - - 1A3D295418FC2FCAFE8EBED431E68217


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:50 PM

Posted 14 October 2010 - 06:48 PM

Please run the PC through ESET's online scanner
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#13 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:12:50 PM

Posted 15 October 2010 - 08:25 AM

ESET Scan:
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EB trojan cleaned by deleting - quarantined
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\plugtmp-31\plugin-pdfNode.php PDF/Exploit.Gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.EC trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Bamital.EC trojan deleted - quarantined
C:\System Volume Information\_restore{4D4F4768-A953-4DC2-8702-7F3587BE3E3B}\RP15\A0001405.exe Win32/Bamital.EC trojan deleted - quarantined
C:\System Volume Information\_restore{4D4F4768-A953-4DC2-8702-7F3587BE3E3B}\RP15\A0001406.exe Win32/Bamital.EC trojan deleted - quarantined
C:\System Volume Information\_restore{4D4F4768-A953-4DC2-8702-7F3587BE3E3B}\RP15\A0001408.exe Win32/Bamital.EC trojan deleted - quarantined
C:\System Volume Information\_restore{4D4F4768-A953-4DC2-8702-7F3587BE3E3B}\RP15\A0001409.exe Win32/Bamital.EC trojan deleted - quarantined
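The ESET report lines above, parsed and triaged as an added example (not part of the thread and not an ESET or ComboFix tool): it separates hits in live locations, such as hlp.dat and the HelpAssistant temp file, from hits that were already inside ComboFix's quarantine (Qoobox, the .vir copies of explorer.exe and winlogon.exe) or a System Restore point, which is the distinction that matters when reading such a report. The sample lines are a subset copied from the post; the list of "contained" path prefixes is an assumption.

```python
import re
from dataclasses import dataclass
# Constructed sample: a subset of the detection lines from the ESET report posted above.
ESET_REPORT = r"""
C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EB trojan cleaned by deleting - quarantined
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\plugtmp-31\plugin-pdfNode.php PDF/Exploit.Gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.EC trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Bamital.EC trojan deleted - quarantined
C:\System Volume Information\_restore{4D4F4768-A953-4DC2-8702-7F3587BE3E3B}\RP15\A0001405.exe Win32/Bamital.EC trojan deleted - quarantined
"""
# One report line is "<path> <signature> <type> <action taken>". The path may contain
# spaces, so it is matched lazily up to the first "Vendor/Name" signature token.
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<sig>\S+/\S+) (?P<kind>\S+) (?P<action>.+)$")

# Assumed prefixes of locations where a hit was already neutralised by another tool:
# ComboFix's quarantine (Qoobox, .vir copies) and System Restore snapshots.
CONTAINED_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\_restore",
)

@dataclass
class Finding:
    path: str
    signature: str
    kind: str
    action: str

    @property
    def contained(self) -> bool:
        """True when the file sat in a quarantine or restore point rather than a live path."""
        return self.path.lower().startswith(CONTAINED_PREFIXES)

def parse_eset_report(text: str) -> list:
    """Parse report text into Finding records, skipping lines that do not match."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["sig"], m["kind"], m["action"]))
    return findings

def triage(findings) -> dict:
    """Split paths into those still on the live file system and those already contained."""
    out = {"live": [], "contained": []}
    for f in findings:
        out["contained" if f.contained else "live"].append(f.path)
    return out
```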


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:50 PM

Posted 15 October 2010 - 07:23 PM

How's the PC running now?
m0le is a proud member of UNITE

#15 sherlockelly

sherlockelly
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  • Local time:12:50 PM

Posted 15 October 2010 - 08:01 PM

Seems to be better! Haven't noticed any redirects at all!

Thanks so much!



