Browser keeps getting redirected


  • This topic is locked
19 replies to this topic

#1 revoli


Posted 15 March 2011 - 02:40 PM

Hi

I have something lurking somewhere that causes my browser to be redirected to the most odd sites. I have tried reinstalling Firefox, as well as trying Explorer. I have also run the following, both in networked mode having downloaded the latest updates and then again in safe mode - each time cookies get found but not much more:

Norton antivirus 2011
Spybot
Ad-Aware
Malwarebytes
Superantispyware
Avira

I also disabled add-ons and extensions that I found, but at the end of the day something is redirecting me to a rogue IP address that then seems to run wild and fancy free with my browsers.

Any ideas?

Attached extracts as per instructions:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by David at 17:05:36.73 on 15/03/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.1023.272 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Windows\system32\mgabg.exe
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\PROGRA~1\SQUEEZ~1\server\SqueezeSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton AntiVirus\Engine\18.5.0.125\ccSvcHst.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\PowerCheck\PowerCheck.exe
C:\Program Files\Squeezebox\SqueezeTray.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\2BrightSparks\SyncBackPro\SyncBackPro.exe
C:\Windows\system32\NMSAccessU.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\David\Documents\My DAP Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [AdobeBridge]
uRun: [Bamboo Dock] "c:\program files\bamboo dock\bamboo dock\Bamboo Dock.exe"
uRun: [Spyware Doctor] c:\users\david\desktop\sdsetup.exe -min
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Matrox PowerDesk SE] "c:\program files\matrox graphics inc\powerdesk se\Matrox.PowerDesk SE.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Syslog]
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\powerc~1.lnk - c:\program files\powercheck\PowerCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\squeez~1.lnk - c:\program files\squeezebox\SqueezeTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus1.firstdirect.com/ibplus/frontdoorFD.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\6mzpdu2w.default\
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
FF - Ext: Download Accelerator Plus (DAP) extension: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08} - c:\program files\dap\DAPFireFox
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-14 64512]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1205000.07d\symds.sys [2011-3-14 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1205000.07d\symefa.sys [2011-3-14 652336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110309.001\BHDrvx86.sys [2011-3-9 800376]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110314.001\IDSvix86.sys [2011-3-15 353912]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1205000.07d\ironx86.sys [2011-3-14 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1205000.07d\symnets.sys [2011-3-14 295032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-14 1405384]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\matrox graphics inc\powerdesk se\Matrox.Pdesk.ServicesHost.exe [2009-6-11 344832]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccsvchst.exe [2011-3-14 130000]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-3-14 1153368]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf squeezemysql --> c:\progra~1\squeez~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\squeez~1\cache\my.cnf SqueezeMySQL [?]
R2 squeezesvc;Squeezebox Server;c:\progra~1\squeez~1\server\SqueezeSvr.exe [2011-1-29 10494037]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-9-14 4497704]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-6-28 173352]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-9-14 113448]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-3-14 102448]
R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-9-14 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-22 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-4 79360]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-23 1343400]
.
=============== Created Last 30 ================
.
2011-03-15 15:26:37 0 ----a-w- c:\windows\system32\RENF554.tmp
2011-03-15 15:26:37 0 ----a-w- c:\windows\system32\RENF553.tmp
2011-03-15 15:26:37 0 ----a-w- c:\windows\system32\RENF543.tmp
2011-03-15 15:23:30 0 ----a-w- c:\windows\system32\REN17DF.tmp
2011-03-15 15:23:30 0 ----a-w- c:\windows\system32\REN17DE.tmp
2011-03-15 15:23:30 0 ----a-w- c:\windows\system32\REN17CD.tmp
2011-03-15 15:16:37 0 ----a-w- c:\windows\system32\RENCB91.tmp
2011-03-15 15:16:37 0 ----a-w- c:\windows\system32\RENCB90.tmp
2011-03-15 15:16:37 0 ----a-w- c:\windows\system32\RENCB7F.tmp
2011-03-15 14:58:25 71096 ----a-w- c:\windows\system32\NMSAccessU.exe
2011-03-15 14:58:25 17408 ----a-w- c:\windows\system32\SyncBackPro.dll
2011-03-15 14:58:22 -------- d-----w- c:\program files\2BrightSparks
2011-03-14 23:45:34 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-14 19:37:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-14 19:36:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-14 19:35:54 -------- d-----w- c:\users\david\appdata\local\Sunbelt Software
2011-03-14 19:35:00 -------- dc-h--w- c:\progra~2\{D3450D7D-6D3E-4734-804F-44124D54B5EB}
2011-03-14 19:34:26 -------- d-----w- c:\program files\Lavasoft
2011-03-14 14:48:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-14 14:48:06 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-03-14 14:43:31 -------- d-----w- c:\users\david\appdata\roaming\SUPERAntiSpyware.com
2011-03-14 14:43:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-14 13:38:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-14 13:38:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-14 09:48:02 -------- d-----w- c:\users\david\appdata\local\NPE
2011-03-14 08:01:59 652336 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symefa.sys
2011-03-14 08:01:59 295032 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symnets.sys
2011-03-14 08:01:58 509560 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\srtsp.sys
2011-03-14 08:01:58 50168 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\srtspx.sys
2011-03-14 08:01:58 340016 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\symds.sys
2011-03-14 08:01:58 136312 ----a-w- c:\windows\system32\drivers\nav\1205000.07d\ironx86.sys
2011-03-14 08:01:32 -------- d-----w- c:\windows\system32\drivers\nav\1205000.07D
2011-03-14 07:45:13 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-03-14 07:45:12 -------- d-----w- c:\program files\Symantec
2011-03-14 07:45:12 -------- d-----w- c:\program files\common files\Symantec Shared
2011-03-14 07:43:57 -------- d-----w- c:\windows\system32\drivers\NAV
2011-03-14 07:43:49 -------- d-----w- c:\program files\Norton AntiVirus
2011-03-14 07:43:47 -------- d-----w- c:\progra~2\Norton
2011-03-14 07:43:32 -------- d-----w- c:\program files\NortonInstaller
2011-03-14 07:43:32 -------- d-----w- c:\progra~2\NortonInstaller
2011-03-10 17:00:46 -------- d-----w- c:\users\david\appdata\roaming\Malwarebytes
2011-03-10 17:00:40 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-10 17:00:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-10 16:27:28 -------- d-----w- c:\program files\PC Tools Security
2011-03-10 16:23:52 -------- d-----w- c:\progra~2\PC Tools
2011-03-10 11:39:58 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-10 01:24:23 -------- d-----w- c:\users\david\appdata\local\AlbumArtDownloader
2011-03-10 01:23:57 -------- d-----w- c:\program files\AlbumArtDownloader
2011-03-09 05:04:13 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 05:04:12 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 05:04:11 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 05:04:08 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 05:04:08 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 05:04:07 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 05:04:07 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 05:04:02 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 05:04:02 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-04 11:27:47 200704 --sha-r- c:\windows\system32\bthcir.dll
2011-03-03 17:06:52 -------- d-----w- c:\users\david\.bliss
2011-03-03 17:04:27 -------- d-----w- c:\program files\bliss
2011-03-01 10:11:30 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{fb098fc0-bb94-4718-a3f4-a4752a925c22}\mpengine.dll
2011-02-23 22:17:41 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-02-23 09:58:32 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-23 09:58:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-16 11:57:47 -------- d-----w- c:\users\david\appdata\roaming\DocumentsToGoDesktop
2011-02-16 11:57:34 -------- d-----w- c:\program files\Documents To Go Desktop
.
==================== Find3M ====================
.
2011-02-02 21:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-29 17:48:26 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:07:45.31 ===============


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-15 19:29:01
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3200822A rev.3.01
Running: gmer.exe; Driver: C:\Users\David\AppData\Local\Temp\pwlcapod.sys


---- System - GMER 1.0.15 ----

SSDT 85A65F90 ZwAlertResumeThread
SSDT 85A69078 ZwAlertThread
SSDT 85A69988 ZwAllocateVirtualMemory
SSDT 8567EBF8 ZwAlpcConnectPort
SSDT 85A65630 ZwAssignProcessToJobObject
SSDT 85A65BD8 ZwCreateMutant
SSDT 85A65350 ZwCreateSymbolicLinkObject
SSDT 85A69E90 ZwCreateThread
SSDT 85A65440 ZwCreateThreadEx
SSDT 85A65710 ZwDebugActiveProcess
SSDT 85A69B58 ZwDuplicateObject
SSDT 85A697A8 ZwFreeVirtualMemory
SSDT 85A65CC8 ZwImpersonateAnonymousToken
SSDT 85A65E08 ZwImpersonateThread
SSDT 8589EB90 ZwLoadDriver
SSDT 85A696A8 ZwMapViewOfSection
SSDT 85A65AF8 ZwOpenEvent
SSDT 85A69D38 ZwOpenProcess
SSDT 85A69A78 ZwOpenProcessToken
SSDT 85A65938 ZwOpenSection
SSDT 85A69C48 ZwOpenThread
SSDT 85A65540 ZwProtectVirtualMemory
SSDT 85A69158 ZwResumeThread
SSDT 85A693F8 ZwSetContextThread
SSDT 85A694D8 ZwSetInformationProcess
SSDT 85A657F0 ZwSetSystemInformation
SSDT 85A65A18 ZwSuspendProcess
SSDT 85A69238 ZwSuspendThread
SSDT 85A69F90 ZwTerminateProcess
SSDT 85A69318 ZwTerminateThread
SSDT 85A695C8 ZwUnmapViewOfSection
SSDT 85A69898 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C388A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C58312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139B 82C5F5A8 8 Bytes [90, 5F, A6, 85, 78, 90, A6, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82C5F5C0 4 Bytes [88, 99, A6, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82C5F5CC 4 Bytes [F8, EB, 67, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 1413 82C5F620 4 Bytes [30, 56, A6, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 148F 82C5F69C 4 Bytes [D8, 5B, A6, 85]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9181B340, 0x28CEB7, 0xE8000020]
? C:\Users\David\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] ntdll.dll!NtQueryInformationProcess 778152F0 5 Bytes JMP 00CD0C82
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] ntdll.dll!LdrLoadDll 7782F5B5 5 Bytes JMP 012C003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!closesocket 77703BED 5 Bytes JMP 00CBC304
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!recv 777047DF 5 Bytes JMP 00CBC093
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!GetAddrInfoW 777060F5 2 Bytes JMP 00CBB696
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!GetAddrInfoW + 3 777060F8 2 Bytes [5B, 89]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!getaddrinfo 77706737 5 Bytes JMP 00CBB5B6
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!WSASend 777068A7 5 Bytes JMP 00CBC13D
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!WSARecv 7770C29F 5 Bytes JMP 00CBC20E
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!send 7770C4C8 5 Bytes JMP 00CBBFED
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!WSAAsyncGetHostByName 77716D2A 5 Bytes JMP 00CBB91A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] WS2_32.dll!gethostbyname 77717133 5 Bytes JMP 00CBB4F9
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] USER32.dll!DrawTextExW 75EF7BDD 5 Bytes JMP 00CBC8DF
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] USER32.dll!DrawTextW 75EF8220 5 Bytes JMP 00CBC71B
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] USER32.dll!SetClipboardData 75F04979 5 Bytes JMP 00CBC392
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] USER32.dll!DrawTextA 75F0A482 5 Bytes JMP 00CBC63F
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] USER32.dll!DrawTextExA 75F0A4B9 5 Bytes JMP 00CBC7F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] USER32.dll!DialogBoxParamW 75F1564A 5 Bytes JMP 00CBB9F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] GDI32.dll!ExtTextOutW 766A8053 5 Bytes JMP 00CBCAAC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] GDI32.dll!GetGlyphIndicesW 766AB521 5 Bytes JMP 00CBCF2D
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] GDI32.dll!ExtTextOutA 766B0158 5 Bytes JMP 00CBC9C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] GDI32.dll!TextOutA 766B0878 5 Bytes JMP 00CBC4A5
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] GDI32.dll!TextOutW 766C14B9 5 Bytes JMP 00CBC572
.text C:\Program Files\Mozilla Firefox\firefox.exe[5296] GDI32.dll!GetGlyphIndicesA 766CBC42 5 Bytes JMP 00CBCE63

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

I also have the file Attach.txt if needed....

Thanks in advance

More info 16th March 2011:

Norton blocked "Blackhole Toolkit Activity". Searching the web, this is seen as a serious threat, but I cannot find any appropriate security response. It looks like some sort of Java exploitation, so I will turn off Java add-ons.

Edited by revoli, 16 March 2011 - 04:59 AM.


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 20 March 2011 - 05:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 revoli

revoli
  • Topic Starter

  • Members
  • 13 posts

Posted 21 March 2011 - 04:50 AM

Hi Mole.

Thanks for picking this up. I am somewhat desperate, as this computer is my lifeline at the moment: I have been laid up for the last few months and unable to move much. Anything you can do to get my PC up and running smoothly would be handy. I look forward to hearing from you.

Revoli

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 March 2011 - 04:43 PM

Okay, let's check for a specific rootkit first.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally, press Report and copy and paste the contents into your next reply. If you have rebooted, the log will be found at C:\.

m0le is a proud member of UNITE

#5 revoli

revoli
  • Topic Starter

  • Members
  • 13 posts

Posted 22 March 2011 - 10:29 AM

Hi Mole

TDSSKiller report below. It did not report anything untoward.

Regards
Revoli

2011/03/22 15:07:08.0983 5236 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/22 15:07:09.0318 5236 ================================================================================
2011/03/22 15:07:09.0318 5236 SystemInfo:
2011/03/22 15:07:09.0318 5236
2011/03/22 15:07:09.0318 5236 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/22 15:07:09.0318 5236 Product type: Workstation
2011/03/22 15:07:09.0318 5236 ComputerName: OFFICEPC
2011/03/22 15:07:09.0318 5236 UserName: David
2011/03/22 15:07:09.0319 5236 Windows directory: C:\Windows
2011/03/22 15:07:09.0319 5236 System windows directory: C:\Windows
2011/03/22 15:07:09.0319 5236 Processor architecture: Intel x86
2011/03/22 15:07:09.0319 5236 Number of processors: 2
2011/03/22 15:07:09.0319 5236 Page size: 0x1000
2011/03/22 15:07:09.0319 5236 Boot type: Normal boot
2011/03/22 15:07:09.0319 5236 ================================================================================
2011/03/22 15:07:16.0280 5236 Initialize success
2011/03/22 15:07:36.0225 5828 ================================================================================
2011/03/22 15:07:36.0225 5828 Scan started
2011/03/22 15:07:36.0226 5828 Mode: Manual;
2011/03/22 15:07:36.0226 5828 ================================================================================
2011/03/22 15:07:38.0531 5828 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/22 15:07:38.0878 5828 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
2011/03/22 15:07:39.0013 5828 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/22 15:07:39.0072 5828 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/22 15:07:39.0189 5828 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/22 15:07:39.0340 5828 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/22 15:07:39.0468 5828 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/22 15:07:39.0625 5828 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/03/22 15:07:39.0936 5828 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/22 15:07:40.0242 5828 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/03/22 15:07:40.0414 5828 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/22 15:07:40.0487 5828 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/03/22 15:07:40.0546 5828 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/22 15:07:40.0669 5828 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/22 15:07:40.0814 5828 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/22 15:07:41.0010 5828 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/22 15:07:41.0166 5828 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/22 15:07:41.0229 5828 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/22 15:07:41.0386 5828 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/03/22 15:07:41.0652 5828 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/03/22 15:07:41.0737 5828 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/22 15:07:41.0856 5828 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/22 15:07:41.0929 5828 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/22 15:07:42.0118 5828 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
2011/03/22 15:07:42.0255 5828 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/03/22 15:07:42.0408 5828 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/03/22 15:07:42.0644 5828 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/03/22 15:07:42.0990 5828 BHDrvx86 (32d6e07922d17bed40ae746fc86b8a68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys
2011/03/22 15:07:43.0203 5828 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/22 15:07:43.0340 5828 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/22 15:07:43.0417 5828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/22 15:07:43.0512 5828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/22 15:07:43.0622 5828 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/03/22 15:07:43.0692 5828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/22 15:07:43.0755 5828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/22 15:07:43.0802 5828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/22 15:07:43.0844 5828 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/22 15:07:43.0932 5828 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/22 15:07:43.0997 5828 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/22 15:07:44.0056 5828 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/22 15:07:44.0125 5828 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/03/22 15:07:44.0377 5828 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/22 15:07:44.0474 5828 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/22 15:07:44.0649 5828 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/03/22 15:07:44.0793 5828 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/22 15:07:44.0875 5828 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/22 15:07:44.0943 5828 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/22 15:07:45.0070 5828 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/03/22 15:07:45.0262 5828 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/03/22 15:07:45.0345 5828 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/03/22 15:07:45.0407 5828 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/03/22 15:07:45.0651 5828 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/03/22 15:07:45.0792 5828 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/03/22 15:07:46.0035 5828 Dot4Scan (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
2011/03/22 15:07:46.0328 5828 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/03/22 15:07:46.0673 5828 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/03/22 15:07:46.0939 5828 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/22 15:07:47.0611 5828 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/03/22 15:07:47.0851 5828 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/03/22 15:07:48.0044 5828 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/22 15:07:48.0136 5828 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/03/22 15:07:48.0201 5828 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/22 15:07:48.0298 5828 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/03/22 15:07:48.0419 5828 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/03/22 15:07:48.0601 5828 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/22 15:07:48.0677 5828 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/03/22 15:07:48.0748 5828 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/03/22 15:07:48.0792 5828 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/22 15:07:48.0865 5828 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/03/22 15:07:48.0953 5828 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/03/22 15:07:48.0998 5828 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/22 15:07:49.0087 5828 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/22 15:07:49.0171 5828 G400DH (2dd3d27e36ebf6804c40b843ff10872f) C:\Windows\system32\DRIVERS\g400dhm.sys
2011/03/22 15:07:49.0246 5828 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/22 15:07:49.0326 5828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/22 15:07:49.0439 5828 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/22 15:07:49.0501 5828 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/22 15:07:49.0548 5828 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/22 15:07:49.0610 5828 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/22 15:07:49.0652 5828 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/22 15:07:49.0731 5828 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/22 15:07:49.0826 5828 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/22 15:07:49.0884 5828 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/03/22 15:07:49.0933 5828 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/22 15:07:49.0988 5828 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/22 15:07:50.0079 5828 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/22 15:07:50.0435 5828 IDSVix86 (33ca0e61eab15d439a1f592ddc020712) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110317.005\IDSvix86.sys
2011/03/22 15:07:50.0559 5828 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/22 15:07:50.0628 5828 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/22 15:07:50.0687 5828 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/22 15:07:50.0743 5828 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/22 15:07:50.0805 5828 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/22 15:07:50.0854 5828 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/03/22 15:07:50.0916 5828 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/03/22 15:07:50.0966 5828 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/22 15:07:51.0019 5828 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/22 15:07:51.0082 5828 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/22 15:07:51.0143 5828 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/22 15:07:51.0199 5828 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/22 15:07:51.0342 5828 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/22 15:07:51.0548 5828 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/03/22 15:07:51.0678 5828 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/03/22 15:07:51.0766 5828 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/22 15:07:51.0847 5828 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/22 15:07:51.0904 5828 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/22 15:07:51.0949 5828 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/22 15:07:51.0993 5828 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/22 15:07:52.0062 5828 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/03/22 15:07:52.0136 5828 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/03/22 15:07:52.0218 5828 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/22 15:07:52.0286 5828 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/22 15:07:52.0366 5828 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/03/22 15:07:52.0438 5828 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/22 15:07:52.0518 5828 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/22 15:07:52.0577 5828 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/22 15:07:52.0620 5828 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/03/22 15:07:52.0690 5828 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/22 15:07:52.0735 5828 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/22 15:07:52.0792 5828 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/03/22 15:07:52.0874 5828 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/22 15:07:53.0199 5828 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/22 15:07:53.0676 5828 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/22 15:07:54.0000 5828 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/22 15:07:54.0190 5828 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/22 15:07:54.0473 5828 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\Windows\system32\DRIVERS\msdv.sys
2011/03/22 15:07:54.0719 5828 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/03/22 15:07:54.0927 5828 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/22 15:07:55.0128 5828 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/22 15:07:55.0419 5828 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/22 15:07:55.0710 5828 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/22 15:07:55.0932 5828 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/03/22 15:07:56.0138 5828 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/03/22 15:07:56.0373 5828 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/22 15:07:56.0627 5828 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/03/22 15:07:56.0737 5828 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/22 15:07:56.0905 5828 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/03/22 15:07:57.0182 5828 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/22 15:07:57.0713 5828 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110321.033\NAVENG.SYS
2011/03/22 15:07:58.0467 5828 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110321.033\NAVEX15.SYS
2011/03/22 15:07:58.0944 5828 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/03/22 15:07:59.0397 5828 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/22 15:07:59.0686 5828 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/22 15:07:59.0971 5828 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/22 15:08:00.0217 5828 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/22 15:08:00.0307 5828 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/03/22 15:08:00.0447 5828 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/22 15:08:00.0571 5828 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/22 15:08:00.0823 5828 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/22 15:08:01.0017 5828 NPF (b15e0180c43d8b5219196d76878cc2dd) C:\Windows\system32\DRIVERS\aztech_npf32.sys
2011/03/22 15:08:01.0087 5828 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/03/22 15:08:01.0160 5828 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/22 15:08:01.0261 5828 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/03/22 15:08:01.0340 5828 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/03/22 15:08:01.0593 5828 nvlddmkm (d37174e8014da46be1a81e7b02237ac0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/22 15:08:01.0828 5828 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/22 15:08:01.0887 5828 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/22 15:08:01.0951 5828 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/22 15:08:02.0003 5828 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/22 15:08:02.0125 5828 P17 (f2519d547a6ac2afe0df0dc826a085a7) C:\Windows\system32\drivers\P17.sys
2011/03/22 15:08:02.0268 5828 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/03/22 15:08:02.0318 5828 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/03/22 15:08:02.0376 5828 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/03/22 15:08:02.0435 5828 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/03/22 15:08:02.0486 5828 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/22 15:08:02.0537 5828 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/22 15:08:02.0584 5828 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/03/22 15:08:02.0675 5828 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/03/22 15:08:02.0983 5828 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
2011/03/22 15:08:03.0083 5828 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/22 15:08:03.0145 5828 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/03/22 15:08:03.0224 5828 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/22 15:08:03.0309 5828 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/22 15:08:03.0405 5828 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/22 15:08:03.0475 5828 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/22 15:08:03.0530 5828 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/22 15:08:03.0577 5828 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/22 15:08:03.0663 5828 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/22 15:08:03.0756 5828 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/22 15:08:03.0803 5828 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/22 15:08:03.0842 5828 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/22 15:08:03.0897 5828 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/22 15:08:03.0944 5828 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/22 15:08:04.0022 5828 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/03/22 15:08:04.0077 5828 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/22 15:08:04.0131 5828 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/22 15:08:04.0334 5828 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/03/22 15:08:04.0397 5828 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/03/22 15:08:04.0506 5828 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/22 15:08:04.0592 5828 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/03/22 15:08:04.0663 5828 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/03/22 15:08:04.0815 5828 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/22 15:08:04.0893 5828 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/22 15:08:04.0991 5828 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/22 15:08:05.0071 5828 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/22 15:08:05.0159 5828 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/22 15:08:05.0252 5828 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/22 15:08:05.0311 5828 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/03/22 15:08:11.0982 5828 ================================================================================
2011/03/22 15:08:11.0982 5828 Scan finished
2011/03/22 15:08:11.0982 5828 ================================================================================

#6 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 22 March 2011 - 06:51 PM

Please run Combofix next

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 revoli
  • Topic Starter
  • Members
  • 13 posts

Posted 23 March 2011 - 05:15 PM

Hi Mole

I ran ComboFix, unfortunately it got interrupted by another user strolling in when I was not looking...

Just to be certain it did run completely I ran it again. I failed to save the log file under different name so lost that. Attached is the log from 2nd run. Checking with the browser after a reboot looks promising, it has not redirected me! There is tons of disc activity but that may just be because of all the antivirus software I have been loading up. I am not going to do anything until you tell me....

Attached file.


#8 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 23 March 2011 - 09:06 PM

Please run Combofix again, as shown

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

File::
c:\windows\system32\RENEBC8.tmp
c:\windows\system32\RENEBC7.tmp
c:\windows\system32\RENEBB6.tmp
c:\windows\system32\RENF554.tmp
c:\windows\system32\RENF553.tmp
c:\windows\system32\RENF543.tmp
c:\windows\system32\REN17DF.tmp
c:\windows\system32\REN17DE.tmp
c:\windows\system32\REN17CD.tmp
c:\windows\system32\RENCB91.tmp
c:\windows\system32\RENCB90.tmp
c:\windows\system32\RENCB7F.tmp


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
m0le is a proud member of UNITE
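Added example (editor's, not part of m0le's instructions): before the File:: directive above deletes those entries, record what is actually on disk at each path (size, timestamps, SHA-256, Authenticode state) so the evidence survives the removal. The paths are the ones listed in the CFScript; the CSV output location is an assumption, and the script must run from an elevated PowerShell prompt to read system32.

```powershell
# Editor's added example: triage the files named in the CFScript before ComboFix removes them.
$paths = @(
    'c:\windows\system32\RENEBC8.tmp', 'c:\windows\system32\RENEBC7.tmp',
    'c:\windows\system32\RENEBB6.tmp', 'c:\windows\system32\RENF554.tmp',
    'c:\windows\system32\RENF553.tmp', 'c:\windows\system32\RENF543.tmp',
    'c:\windows\system32\REN17DF.tmp', 'c:\windows\system32\REN17DE.tmp',
    'c:\windows\system32\REN17CD.tmp', 'c:\windows\system32\RENCB91.tmp',
    'c:\windows\system32\RENCB90.tmp', 'c:\windows\system32\RENCB7F.tmp'
)

function Get-FileTriageRecord {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        # Record absences too: a path that is already gone is itself a data point.
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }
    $file = Get-Item -LiteralPath $Path -Force
    # Hash with the .NET provider so this also works on PowerShell 2.0 (no Get-FileHash).
    $hash = ''
    try {
        $sha256 = [System.Security.Cryptography.SHA256]::Create()
        $stream = $file.OpenRead()
        try     { $hash = [BitConverter]::ToString($sha256.ComputeHash($stream)).Replace('-', '') }
        finally { $stream.Close() }
    } catch {
        # A file a driver keeps locked cannot be read; note that rather than stop.
        $hash = 'unreadable: ' + $_.Exception.Message
    }
    # A renamed executable keeps its Authenticode signature; unsigned or invalid stands out.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{
        Path      = $Path
        Exists    = $true
        Length    = $file.Length
        Created   = $file.CreationTimeUtc
        Modified  = $file.LastWriteTimeUtc
        SHA256    = $hash
        Signature = $sig.Status
        Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
    }
}

$records = $paths | ForEach-Object { Get-FileTriageRecord -Path $_ }
# Assumed output location; keep the CSV with the ComboFix log for the thread record.
$records | Export-Csv -Path "$env:USERPROFILE\Desktop\rentmp-triage.csv" -NoTypeInformation
$records | Format-Table Path, Exists, Length, Modified, Signature, SHA256 -AutoSize
```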

#9 revoli
  • Topic Starter
  • Members
  • 13 posts

Posted 24 March 2011 - 02:34 PM

Greetings Mole

Another ComboFix log attached. It seemed to run OK. I noticed that somewhere in this my Java has been corrupted (I am pretty sure it is connected to the virus). I have not tried to reinstall this since starting this process but previously it would crash out every time. Just thought I would mention it.


#10 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 24 March 2011 - 06:12 PM

Let's move on to the ESET online scanner.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

m0le is a proud member of UNITE

#11 revoli
  • Topic Starter
  • Members
  • 13 posts

Posted 25 March 2011 - 05:38 PM

Ok, have run ESET scanner, it came back after a long run to report no threats found. I could not see an option for a report - is this because it found nothing exciting?

#12 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 25 March 2011 - 09:10 PM

Yes, no log is a clean log :)

How is the PC running?
m0le is a proud member of UNITE

#13 revoli
  • Topic Starter
  • Members
  • 13 posts

Posted 25 March 2011 - 10:19 PM

The browser is no longer being redirected :-). If I leave PC running it eventually falls over but that may just be all the extra anti virus software I have loaded up. It probably needs me to go through and remove redundant software?

#14 m0le
  • Malware Response Team
  • 34,527 posts
  • Location:London, UK

Posted 26 March 2011 - 04:32 AM

Yes, please remove the redundant security programs and also update your Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Jdk 6 Update 24 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Now run ATF

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

NB: If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.

m0le is a proud member of UNITE
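Added example (editor's, not from the thread): list the Java entries in the Windows uninstall registry keys so the "remove all older versions of Java" step above can be checked before and after installing jre-6u24-windows-i586-p.exe. The registry paths are the standard Uninstall keys that Add/Remove Programs is built from; treating DisplayVersion 1.6.0.240 as JRE 6 Update 24 is an assumption about how the installer records it.

```powershell
# Editor's added example: enumerate installed Java versions and flag the stale ones.
param(
    [version]$Newest = '1.6.0.240'   # assumed DisplayVersion of JRE 6 Update 24
)

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'   # 32-bit apps on 64-bit Windows
)

function Get-JavaInstall {
    # Each Uninstall subkey carries DisplayName, DisplayVersion and UninstallString values;
    # Add/Remove Programs reads the same keys, so anything listed there shows up here too.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE' } |
        ForEach-Object {
            $v = $null
            # DisplayVersion is free text; an unparsable value is kept with Version empty.
            try { $v = [version]($_.DisplayVersion) } catch { }
            New-Object PSObject -Property @{
                Name            = $_.DisplayName
                Version         = $v
                IsOlder         = ($v -ne $null -and $v -lt $Newest)
                UninstallString = $_.UninstallString
            }
        } | Sort-Object Version
}

$installs = @(Get-JavaInstall)
if ($installs.Count -eq 0) {
    Write-Host 'No Java entries found in the uninstall registry keys.'
    return
}
$installs | Format-Table Name, Version, IsOlder, UninstallString -AutoSize

# Show, but do not run, the uninstall command of each stale entry; an MsiExec
# UninstallString can then be run from an elevated prompt (add /qn for an unattended removal).
foreach ($j in ($installs | Where-Object { $_.IsOlder })) {
    Write-Host ("Older than {0}: {1}`n    {2}" -f $Newest, $j.Name, $j.UninstallString)
}
```

Run it once before the reinstall to see which entries the uninstaller must clear, and again after the reboot to confirm only the 6 Update 24 entry remains.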

#15 revoli
  • Topic Starter
  • Members
  • 13 posts

Posted 27 March 2011 - 01:52 PM

Mmm

Cannot get Java to uninstall. I think this may be where my problem has been lurking. Java does not work on my PC. When trying to uninstall I get an Error 1723 ...problem windows installer package... a dll required could not be run...

So cannot do it from add remove programs. Tried to install new package over the top of it, it tells me that software already installed and even though I tell it to install again it starts by trying to uninstall existing version which results in same errort message.

I cannot find anything that removes Java on the web. There were some Microsoft utilities for uninstalling software that is bothersome but they appear to have been withdrawn...

Any bright ideas?



