
HijackThis Log: Please help Diagnose


  • This topic is locked
12 replies to this topic

#1 Michael Rotch

Michael Rotch

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:11 PM

Posted 04 January 2011 - 01:10 PM

I have recently removed some Mal/Spyware from my computer (Hdd Fix), and at the time it was causing different webpages to load when I would click on a hyperlink. I would appreciate any help that you can give on the topic as to how to remove the Hijacking software. Also, if there is any other kind of advice that you can give as to what should and should not be running, please let me know. Any and all help is appreciated.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:59 AM, on 1/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070824
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192215424399
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9408 bytes

Edited by hamluis, 04 January 2011 - 02:54 PM.
Moved from XP forum to Malware Removal Logs ~ Hamluis.
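A HijackThis log like the one above is reviewed entry by entry, and the first pass is mechanical: which entries point at files that no longer exist, which Winsock LSPs HijackThis could not identify, and which ActiveX controls (O16 DPF) were installed from remote URLs. The script below is an added example and is not from this thread or from the HijackThis tool; it applies those first-pass rules to HJT-format lines. The sample lines are copied from the log posted above; the rule set, the `Finding` structure and the `triage` function are this example's own, and a hit means "look at this", not "this is malware".

```python
"""Triage a HijackThis (HJT) log for entries worth a second look.

Added example, not part of the forum thread or of HijackThis itself.
Handles the HJT entry format only (lines that start with F/R/O codes);
the DDS "Pseudo HJT Report" uses a different layout and is not parsed here.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the HJT log in the post above.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r'O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui',
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab",
    r"O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
]

# An HJT entry is "<code> - <body>", e.g. "O2 - BHO: ...". Process lists,
# headers and blank lines do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[FRO]\d+) - (?P<body>.+)$")
# HJT marks a registry entry whose target is gone as "(no file)" or
# "(file missing)"; both are remnants of something installed and then removed.
MISSING_FILE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str      # HJT section code, e.g. "O2"
    reason: str    # why a reviewer should look at it
    line: str      # the original log line


def triage(lines):
    """Apply first-pass review rules to HJT lines; returns a list of Finding."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if MISSING_FILE.search(body):
            findings.append(Finding(code, "references a file that no longer exists (orphaned entry)", line))
        elif code == "O10" and body.lower().startswith("unknown file in winsock lsp"):
            findings.append(Finding(code, "Winsock LSP not in HJT's known list; identify the DLL by hand", line))
        elif code == "O16":
            findings.append(Finding(code, "ActiveX control installed from a remote URL; confirm it was wanted", line))
        elif code in ("R0", "R1") and "ProxyServer" in body:
            # A ProxyServer value routes all browser traffic through the proxy;
            # a user who did not set one should treat it as a hijack indicator.
            findings.append(Finding(code, "browser proxy configured; verify it is intentional", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run stand-alone it prints the four flagged sample entries (the orphaned BHO, the unidentified LSP, the remote ActiveX control and the protocol handler with a missing DLL); the avast, Adobe and ProxyOverride lines pass silently, which is the point: the script narrows the log to what a human has to decide about.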



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:11 AM

Posted 09 January 2011 - 07:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 Michael Rotch

Michael Rotch
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:11 PM

Posted 11 January 2011 - 02:30 PM

Okay, since my first posting I have deleted a lot of old programs on my computer, run a registry cleaner (Registry Mechanic), and deleted the IExplorer.exe file. There was some sort of malware that was opening the program and playing advertising using Internet Explorer. I read on a website that deleting it would stop the annoying part of the malware, and it did. However, there is still something that redirects any link to obscure websites that have further trojans and such (my Avast usually catches them). Attached are all of the requested files. Let me know if you need any further information or logs:

DDS:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Kevin at 9:17:14.71 on Tue 01/11/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1100 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\itunes\itunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kevin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [NoteZilla] c:\program files\conceptworld\notezilla\NoteZilla.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\kevin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192215424399
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\s6xepgcd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kongregate.com/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\kevin\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\kevin\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\kevin\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kevin\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\kevin\application data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-16 165584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-16 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-16 40384]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-1-6 583640]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-16 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-16 40384]
S0 FGXSCSI;FGXSCSI;c:\windows\system32\drivers\fgxscsi.sys --> c:\windows\system32\drivers\fgxscsi.sys [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-6-18 25856]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2007-8-24 37296]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2010-8-6 42752]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-18 30192]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-8-24 1247600]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-23 24652]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
S4 WGSControl;Worldgroup Server;c:\wg\wgssvc.exe --> c:\wg\wgssvc.exe [?]
S4 WGSMain;WGS Executable;c:\wg\wgserver.exe --> c:\wg\wgserver.exe [?]

=============== Created Last 30 ================

2011-01-11 17:00:14 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f049b9f3-55db-447c-8b00-11112827b238}\mpengine.dll
2011-01-11 00:12:30 -------- d-----w- c:\program files\Cheat Engine 6
2011-01-07 17:05:03 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-01-07 00:31:24 -------- d-----w- c:\docume~1\kevin\applic~1\Registry Mechanic
2011-01-07 00:08:15 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-01-07 00:08:15 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-01-07 00:08:15 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-01-07 00:08:15 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-01-07 00:08:06 -------- d-----w- c:\program files\common files\PC Tools
2011-01-07 00:05:45 -------- d-----w- c:\program files\BitTorrent
2011-01-07 00:05:19 -------- d-----w- c:\docume~1\kevin\applic~1\BitTorrent
2011-01-06 21:32:46 -------- d-----w- c:\program files\Eusing Free Registry Defrag
2011-01-06 01:35:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-06 01:31:23 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-06 00:52:07 -------- d-----w- C:\Quickbooks Data
2011-01-05 23:46:21 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2011-01-04 23:36:19 -------- d-----w- c:\docume~1\kevin\applic~1\PFU
2011-01-04 23:35:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\PFU
2011-01-04 23:35:03 35328 ----a-w- c:\windows\system32\pfdvmn.dll
2011-01-04 23:35:03 32768 ----a-w- c:\windows\system32\chksti.dll
2011-01-04 23:35:03 31232 ----a-w- c:\windows\system32\pfusti.dll
2011-01-04 23:33:28 -------- d-----w- c:\program files\PFU
2011-01-04 23:20:48 -------- d-----w- c:\docume~1\kevin\applic~1\DriverFinder
2011-01-04 21:31:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2011-01-04 21:31:04 -------- d-----w- c:\program files\common files\iS3
2011-01-04 21:31:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-12-30 17:24:58 -------- d-----w- c:\program files\NCH Software
2010-12-30 17:24:58 -------- d-----w- c:\docume~1\kevin\applic~1\NCH Software
2010-12-29 23:41:59 -------- d-----w- c:\docume~1\kevin\locals~1\applic~1\Yahoo
2010-12-27 20:18:26 -------- d-----w- c:\docume~1\kevin\applic~1\Unity
2010-12-15 20:27:27 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:27:12 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-08 09:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 9:24:31.90 ===============

DeFogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:26 on 11/01/2011 (Kevin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-


GMER:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-11 11:25:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 ST332062 rev.3.AD
Running: xjuz8q16.exe; Driver: C:\DOCUME~1\Kevin\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB1579CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB1579BAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB157A160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB157A08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB1579782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB1579C86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB15796C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB1579726]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB1579DA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB157A22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB1579D66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB1579EE6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1586BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB15869D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB1586B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B1586B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP B15869D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP B15825D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP B1583FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP B1586BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB3D5C380, 0x5414D5, 0xE8000020]
? C:\DOCUME~1\Kevin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E5000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E2000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E1000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E3000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E0000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E4000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[848] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B1000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E5000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E2000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E1000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E3000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E0000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E4000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[948] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B1000A
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1920] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\SearchIndexer.exe[3940] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E6000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E3000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E2000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E4000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E1000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E5000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E0000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E5000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E2000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E1000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E3000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E0000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E4000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B1000A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[868] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:160] 89C6C53C
Thread System [4:164] 89C6E52D

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00076194eebe
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x0F 0xE8 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0xE7 0x45 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0x78 0xAB 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3F 0x64 0xBD 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0xDE 0x12 0xC1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0x9D 0x4D 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00076194eebe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0x0F 0xE8 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0xE7 0x45 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF8 0x78 0xAB 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3F 0x64 0xBD 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0xDE 0x12 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0x9D 0x4D 0x9E ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

#4 Michael Rotch


Posted 11 January 2011 - 02:43 PM

Oh, and thank you for getting back to me! :) I really appreciate any and all help you can give.

#5 m0le

  • Malware Response Team

Posted 11 January 2011 - 07:21 PM

Still having redirects then. Please run TDSSKiller and MBRCheck.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
m0le is a proud member of UNITE

#6 Michael Rotch


Posted 11 January 2011 - 07:36 PM

The TDSS removing tool cured the error. I accidentally ran the search again, and it replaced my previous log with a clean one. It did fix some sort of a problem with the Volsnap.sys file though.
As far as I can tell, there is no longer anything wrong with my computer.

Thank you so much for your help. I truly appreciate the help you gave me, and hopefully I will not require your services in the future.

Here is the log that it prepared for me (the clean one)


2011/01/11 16:32:22.0687 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/11 16:32:22.0687 ================================================================================
2011/01/11 16:32:22.0687 SystemInfo:
2011/01/11 16:32:22.0687
2011/01/11 16:32:22.0687 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/11 16:32:22.0687 Product type: Workstation
2011/01/11 16:32:22.0687 ComputerName: STEVEN
2011/01/11 16:32:22.0687 UserName: Kevin
2011/01/11 16:32:22.0687 Windows directory: C:\WINDOWS
2011/01/11 16:32:22.0687 System windows directory: C:\WINDOWS
2011/01/11 16:32:22.0687 Processor architecture: Intel x86
2011/01/11 16:32:22.0687 Number of processors: 2
2011/01/11 16:32:22.0687 Page size: 0x1000
2011/01/11 16:32:22.0687 Boot type: Normal boot
2011/01/11 16:32:22.0687 ================================================================================
2011/01/11 16:32:22.0921 Initialize success
2011/01/11 16:32:25.0250 ================================================================================
2011/01/11 16:32:25.0250 Scan started
2011/01/11 16:32:25.0250 Mode: Manual;
2011/01/11 16:32:25.0250 ================================================================================
2011/01/11 16:32:25.0515 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/11 16:32:25.0640 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/01/11 16:32:25.0734 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/11 16:32:25.0781 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/11 16:32:25.0812 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/01/11 16:32:25.0859 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/11 16:32:25.0921 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/11 16:32:25.0968 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/01/11 16:32:26.0031 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/01/11 16:32:26.0078 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/01/11 16:32:26.0125 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/01/11 16:32:26.0187 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/01/11 16:32:26.0218 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/01/11 16:32:26.0234 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/01/11 16:32:26.0281 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/01/11 16:32:26.0296 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/01/11 16:32:26.0359 androidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys
2011/01/11 16:32:26.0390 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/01/11 16:32:26.0406 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/01/11 16:32:26.0421 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/01/11 16:32:26.0484 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/11 16:32:26.0515 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/11 16:32:26.0578 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/11 16:32:26.0625 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/11 16:32:26.0656 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/11 16:32:26.0671 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/11 16:32:26.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/11 16:32:26.0781 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/11 16:32:26.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/11 16:32:26.0906 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/11 16:32:27.0000 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys
2011/01/11 16:32:27.0031 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/01/11 16:32:27.0046 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/01/11 16:32:27.0093 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/01/11 16:32:27.0156 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/01/11 16:32:27.0187 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/01/11 16:32:27.0265 BTKRNL (ade37ab15c958f5db2f85431cca8763a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/01/11 16:32:27.0281 btusbflt (24b6f65f80ebe0111e7807769ae3d6c0) C:\WINDOWS\system32\drivers\btusbflt.sys
2011/01/11 16:32:27.0312 btwhid (6beb0adaa3d2b80e6515eec5d03b7540) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/01/11 16:32:27.0343 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/01/11 16:32:27.0390 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/01/11 16:32:27.0390 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/11 16:32:27.0453 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/01/11 16:32:27.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/11 16:32:27.0593 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/11 16:32:27.0625 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/11 16:32:27.0687 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/01/11 16:32:27.0750 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/01/11 16:32:27.0781 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/01/11 16:32:27.0796 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/01/11 16:32:27.0812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/11 16:32:27.0921 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/01/11 16:32:27.0937 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/01/11 16:32:27.0953 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/01/11 16:32:27.0984 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/01/11 16:32:28.0015 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/01/11 16:32:28.0062 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/01/11 16:32:28.0078 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/01/11 16:32:28.0093 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/01/11 16:32:28.0140 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/01/11 16:32:28.0187 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/01/11 16:32:28.0250 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/11 16:32:28.0281 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/11 16:32:28.0343 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/11 16:32:28.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/11 16:32:28.0421 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/01/11 16:32:28.0468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/11 16:32:28.0515 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/01/11 16:32:28.0546 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/01/11 16:32:28.0671 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/01/11 16:32:28.0765 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/01/11 16:32:28.0812 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/11 16:32:28.0890 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/01/11 16:32:29.0171 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/01/11 16:32:29.0265 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/11 16:32:29.0312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/11 16:32:29.0359 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/11 16:32:29.0406 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/11 16:32:29.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/11 16:32:29.0515 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/11 16:32:29.0546 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/11 16:32:29.0625 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/11 16:32:29.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/11 16:32:29.0703 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/11 16:32:29.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/11 16:32:29.0812 hitmanpro35 (30b90793a568281bef70fa57dde305a2) C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011/01/11 16:32:29.0828 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/01/11 16:32:29.0890 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/11 16:32:29.0921 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/01/11 16:32:29.0968 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/01/11 16:32:29.0984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/11 16:32:30.0046 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
2011/01/11 16:32:30.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/11 16:32:30.0156 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/01/11 16:32:30.0218 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/01/11 16:32:30.0296 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/11 16:32:30.0343 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/11 16:32:30.0375 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/11 16:32:30.0421 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/11 16:32:30.0468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/11 16:32:30.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/11 16:32:30.0593 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/11 16:32:30.0640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/11 16:32:30.0671 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/11 16:32:30.0718 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/11 16:32:30.0734 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/11 16:32:30.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/11 16:32:30.0875 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/01/11 16:32:30.0921 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/01/11 16:32:31.0000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/11 16:32:31.0078 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/11 16:32:31.0156 MotDev (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
2011/01/11 16:32:31.0203 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/11 16:32:31.0312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/11 16:32:31.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/11 16:32:31.0406 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/11 16:32:31.0437 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/01/11 16:32:31.0468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/11 16:32:31.0515 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/11 16:32:31.0546 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/11 16:32:31.0593 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/11 16:32:31.0609 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/11 16:32:31.0640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/11 16:32:31.0656 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/11 16:32:31.0671 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/11 16:32:31.0687 n558 (861ba8b055d5115dbc347e24ffa1d5dc) C:\WINDOWS\system32\Drivers\n558.sys
2011/01/11 16:32:31.0734 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/11 16:32:31.0765 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/11 16:32:31.0781 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/11 16:32:31.0796 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/11 16:32:31.0828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/11 16:32:31.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/11 16:32:31.0921 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/11 16:32:31.0968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/11 16:32:32.0000 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/11 16:32:32.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/11 16:32:32.0359 nv (a05d99cbf55eb493c9e82b4bca848ef5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/11 16:32:32.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/11 16:32:32.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/11 16:32:32.0609 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2011/01/11 16:32:32.0625 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2011/01/11 16:32:32.0640 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2011/01/11 16:32:32.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/11 16:32:32.0718 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/11 16:32:32.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/11 16:32:32.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/11 16:32:32.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/11 16:32:32.0906 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/11 16:32:33.0000 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/01/11 16:32:33.0031 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/01/11 16:32:33.0093 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/11 16:32:33.0109 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/11 16:32:33.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/11 16:32:33.0187 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/11 16:32:33.0250 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/01/11 16:32:33.0296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/01/11 16:32:33.0375 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/01/11 16:32:33.0437 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/01/11 16:32:33.0515 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/01/11 16:32:33.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/11 16:32:33.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/11 16:32:33.0640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/11 16:32:33.0656 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/11 16:32:33.0687 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/11 16:32:33.0718 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/11 16:32:33.0765 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/11 16:32:33.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/11 16:32:33.0875 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/11 16:32:33.0937 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/01/11 16:32:34.0000 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/01/11 16:32:34.0046 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/01/11 16:32:34.0140 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/01/11 16:32:34.0203 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/11 16:32:34.0250 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/11 16:32:34.0296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/11 16:32:34.0359 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/11 16:32:34.0437 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/01/11 16:32:34.0468 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/01/11 16:32:34.0484 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/11 16:32:34.0562 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/01/11 16:32:34.0593 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/11 16:32:34.0625 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/11 16:32:34.0734 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/11 16:32:34.0812 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/01/11 16:32:34.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/11 16:32:34.0953 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/11 16:32:35.0031 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/01/11 16:32:35.0046 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/01/11 16:32:35.0187 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/01/11 16:32:35.0203 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/01/11 16:32:35.0265 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/01/11 16:32:35.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/11 16:32:35.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/11 16:32:35.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/11 16:32:35.0531 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/11 16:32:35.0593 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/11 16:32:35.0671 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/01/11 16:32:35.0750 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/11 16:32:35.0812 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/01/11 16:32:35.0921 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/11 16:32:36.0015 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/11 16:32:36.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/11 16:32:36.0140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/11 16:32:36.0156 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/11 16:32:36.0203 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/11 16:32:36.0218 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/11 16:32:36.0234 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/11 16:32:36.0265 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/11 16:32:36.0328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/01/11 16:32:36.0375 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/01/11 16:32:36.0437 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/11 16:32:36.0484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/11 16:32:36.0562 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/11 16:32:36.0656 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/11 16:32:36.0750 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/01/11 16:32:36.0843 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/01/11 16:32:36.0937 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/11 16:32:37.0015 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/11 16:32:37.0187 ================================================================================
2011/01/11 16:32:37.0187 Scan finished
2011/01/11 16:32:37.0187 ================================================================================

#7 Michael Rotch

Michael Rotch
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:11 PM

Posted 11 January 2011 - 07:38 PM

This is the MBRcheck report:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200001c

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8328000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7E92000 iaStor.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7E72000 fltmgr.sys
0xB7E60000 sr.sys
0xB7E4A000 DRVMCDB.SYS
0xB80F8000 PxHelp20.sys
0xB7E33000 KSecDD.sys
0xB7E20000 WudfPf.sys
0xB7D93000 Ntfs.sys
0xB7D66000 NDIS.sys
0xB7D4C000 Mup.sys
0xB82D8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB3DD5000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB3DC1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB3D88000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xB83D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB3D64000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8400000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB3D3C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB82E8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB56DB000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB82F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8632000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xB8308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB3D19000 \SystemRoot\system32\DRIVERS\ks.sys
0xB84A0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB3BCE000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB863C000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB8740000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8138000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB7CFB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB3BB7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8148000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8158000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8430000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB3BA6000 \SystemRoot\system32\DRIVERS\psched.sys
0xB8168000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8458000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8178000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8490000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8642000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB3B48000 \SystemRoot\system32\DRIVERS\update.sys
0xB47FD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB8188000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8646000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB3AF9000 \SystemRoot\system32\drivers\btaudio.sys
0xB3AD5000 \SystemRoot\system32\drivers\portcls.sys
0xB8198000 \SystemRoot\system32\drivers\drmk.sys
0xB81A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB18A5000 \SystemRoot\system32\drivers\sthda.sys
0xB857C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB187E000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xB85AE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB86D7000 \SystemRoot\System32\Drivers\Null.SYS
0xB85B2000 \SystemRoot\System32\Drivers\Beep.SYS
0xB83B8000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xB83E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB83F8000 \SystemRoot\System32\drivers\vga.sys
0xB85B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB85BA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8410000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8420000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB56E7000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB184B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB17F2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB81E8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB17A4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB177C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB175A000 \SystemRoot\System32\drivers\afd.sys
0xB8208000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB8218000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xB16DF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB166F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8228000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1611000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB15EA000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB8388000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB83F0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB1742000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8258000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8428000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB8268000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB1546000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB173A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB1732000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8448000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB8468000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB8278000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB148F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB1752000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8398000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB873E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB103B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB8128000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xB8799000 \SystemRoot\System32\DLA\DLADResM.SYS
0xB0FAF000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB47A1000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xB8612000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB8438000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xB8470000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB0F99000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB0F82000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB0E2C000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xB593C000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xB0E5E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB0CFD000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB603D000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xB0AA0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB85C2000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xB0868000 \SystemRoot\system32\DRIVERS\srv.sys
0xB84B0000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
0xB47C9000 \??\C:\WINDOWS\system32\drivers\hitmanpro35.sys
0xB83C8000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB02EF000 \SystemRoot\system32\drivers\wdmaud.sys
0xB0600000 \SystemRoot\system32\drivers\sysaudio.sys
0xB02A1000 \SystemRoot\system32\drivers\kmixer.sys
0xAFF5F000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
720 C:\WINDOWS\system32\smss.exe
788 csrss.exe
812 C:\WINDOWS\system32\winlogon.exe
856 C:\WINDOWS\system32\services.exe
868 C:\WINDOWS\system32\lsass.exe
1072 C:\WINDOWS\system32\nvsvc32.exe
1112 C:\WINDOWS\system32\svchost.exe
1180 svchost.exe
1276 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1312 C:\WINDOWS\system32\svchost.exe
1356 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
1388 C:\WINDOWS\system32\svchost.exe
1624 svchost.exe
1760 svchost.exe
1920 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
420 C:\WINDOWS\system32\spoolsv.exe
1804 svchost.exe
1844 svchost.exe
1696 PresentationFontCache.exe
560 C:\WINDOWS\system32\svchost.exe
548 C:\WINDOWS\system32\svchost.exe
1228 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1332 C:\WINDOWS\system32\svchost.exe
1604 C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
1672 C:\WINDOWS\system32\svchost.exe
1716 C:\WINDOWS\system32\svchost.exe
2140 C:\WINDOWS\system32\searchindexer.exe
2488 HP1006MC.EXE
3008 alg.exe
292 C:\WINDOWS\explorer.exe
2072 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2092 C:\Program Files\Microsoft Security Client\msseces.exe
1580 C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
1712 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2232 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2464 C:\WINDOWS\system32\ctfmon.exe
4084 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
3840 C:\Program Files\SetPoint\SetPoint.exe
1456 C:\WINDOWS\system32\wuauclt.exe
2480 C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
512 C:\Program Files\Windows Live\Contacts\wlcomm.exe
1560 C:\Program Files\iTunes\iTunes.exe
3756 C:\Program Files\iPod\bin\iPodService.exe
3308 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
344 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
4440 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
6096 C:\Ame 2.0\Amewin.exe
4912 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5028 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5128 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3872 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
5528 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3720 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
4328 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
1888 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
6136 C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
6060 C:\WINDOWS\system32\searchprotocolhost.exe
1096 searchfilterhost.exe
2404 C:\WINDOWS\system32\notepad.exe
1796 C:\Documents and Settings\Kevin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

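The "MBR Status" line in the log above is the kind of verdict MBRCheck gives: it hashes the master boot record and compares the result with hashes of known operating-system boot code, so a stock Windows XP MBR is reported as such and anything else is flagged for a closer look. The following Python script is an added example of how such a check works in principle; it is not MBRCheck's own code and not part of the thread. The boot-code bytes, the disk signature and the "known-good" hash table in it are constructed for the example and are not real Windows XP bytes or hashes, so it will not reproduce the SHA1 shown in the log (the exact region MBRCheck hashes is not stated on this page). It hashes only the first 440 bytes because the disk signature and partition table legitimately differ on every machine; a clean boot-code hash still says nothing about a bootkit that lives in the volume boot record or a driver, which is one reason analysts run several scanners.

```python
"""Added example: a simplified MBR integrity check in the spirit of MBRCheck.

Not code from the thread or from MBRCheck. The boot code, the disk
signature and the 'known-good' hash table below are constructed for the
example; they are not real Windows XP MBR bytes or hashes.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the bootstrap code
DISK_SIG_OFF = 440        # 4-byte NT disk signature (per disk, varies)
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55AA boot signature
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-in for OS boot code (NOT real XP bytes).
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"SAMPLE-XP-BOOTSTRAP" + b"\x90" * 32

# Whitelist of boot-code hashes -> label. A real tool ships hashes of genuine OS MBRs.
KNOWN_GOOD = {
    hashlib.sha1(SAMPLE_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "Sample Windows XP",
}


def build_sample_mbr(boot_code, disk_sig, partitions):
    """Assemble a synthetic 512-byte MBR from its parts (constructed test data)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba_start, n_sectors) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xff\xff\xff", ptype,
                         b"\xff\xff\xff", lba_start, n_sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Validate the sector and return boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, n_sectors = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:        # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": n_sectors,
            # byte offset of the volume, the figure MBRCheck prints as "at offset"
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    # Hash only the code region: the disk signature and partition table are
    # legitimately different on every machine and would defeat a whitelist.
    boot_hash = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    return {"boot_code_sha1": boot_hash, "disk_signature": disk_sig,
            "partitions": partitions}


def check_mbr(sector, known_good=KNOWN_GOOD):
    """Return (verdict, parsed info). Unknown code is a lead, not proof of a bootkit."""
    info = parse_mbr(sector)
    label = known_good.get(info["boot_code_sha1"])
    if label:
        verdict = "%s MBR code detected" % label
    else:
        verdict = "Unknown MBR code detected - compare against a known-good copy"
    return verdict, info


if __name__ == "__main__":
    clean = build_sample_mbr(SAMPLE_BOOT_CODE, 0x1234ABCD, [(True, 0x07, 63, 625137345)])
    print(check_mbr(clean)[0])
    patched = bytearray(clean)
    patched[0x10] ^= 0xFF     # one byte of boot code altered, as a bootkit would
    print(check_mbr(bytes(patched))[0])
```

On a live system the 512 bytes would come from reading `\\.\PhysicalDrive0` as an administrator; the example keeps everything in memory so it runs anywhere. Note that the verdict for unknown code deliberately stops at "compare against a known-good copy": a single-byte change in the boot code is enough to move the hash off the whitelist, but only a dump of the sector tells you whether the change is a bootkit, an OEM boot manager or a disk-encryption loader.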
#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:11 AM

Posted 11 January 2011 - 08:09 PM

The MBRCheck and TDSSKiller logs are good.

Thanks for letting me know about the original run too.

I would like to see an ESET scan as well.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#9 Michael Rotch

Michael Rotch
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:11 PM

Posted 11 January 2011 - 09:06 PM

I am running it now. I will be away from my computer for the remainder of the day, so I will post the log first thing tomorrow morning. Thank you for all your help.

#10 Michael Rotch

Michael Rotch
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:11 PM

Posted 12 January 2011 - 12:30 PM

Windows decided to restart my computer last night automatically because there was an update. I restarted the scan, but it said it took 3 hours to complete last night. If history is an example of the present, I should have a log for you in 2 hours. Or, I will post back in 2 hours letting you know that there was no log.

#11 Michael Rotch

Michael Rotch
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:11 PM

Posted 12 January 2011 - 08:28 PM

I apologize for the delay. My day ran away from me. The scan came up with no problems found. Thanks for all your help!

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:11 AM

Posted 14 January 2011 - 08:03 PM

Yep, we are at that stage...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up.

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription; otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates for any programs that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Installing this or another recommended program will provide spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:11 AM

Posted 20 January 2011 - 07:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
m0le is a proud member of UNITE
