XP recovery & Google links redirected


This topic is locked
11 replies to this topic

#1 chrislamb33

  • Members
  • 7 posts

Posted 09 June 2011 - 09:48 AM

Hi,
I have the same problem as the topic below. I have removed the XP Recovery problem, but the redirecting still happens. Below are the unhooker & OTL logs:

OTL Logs:

OTL logfile created on: 09/06/2011 15:41:40 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop\setups
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.49 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 50.89% Memory free
3.08 Gb Paging File | 1.99 Gb Available in Paging File | 64.79% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 14.55 Gb Free Space | 39.06% Space Free | Partition Type: NTFS

Computer Name: MAXDATA-F66BDED | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/09 15:31:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\setups\OTL.exe
PRC - [2011/06/02 13:17:18 | 001,641,488 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Local Settings\Temp\HouseCall\housecall.bin
PRC - [2011/05/27 08:26:18 | 000,108,344 | ---- | M] (Glarysoft Ltd) -- C:\Program Files\Glary Utilities\memdefrag.exe
PRC - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/05/25 02:00:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/24 19:00:18 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/05/18 22:20:24 | 000,142,848 | ---- | M] () -- C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2006/06/01 06:49:38 | 001,196,032 | ---- | M] (Quanta Computer, INC.) -- C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe


========== Modules (SafeList) ==========

MOD - [2011/06/09 15:31:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\setups\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 02:00:34 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/11/27 12:58:28 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Avgtdix)
DRV - File not found [File_System | Disabled | Running] -- -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSFilter)
DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSEH)
DRV - File not found [Kernel | Disabled | Running] -- -- (AVGIDSDriver)
DRV - [2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/05/25 02:00:36 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/06 10:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/31 19:43:26 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 23:23:44 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 23:23:44 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/06 18:36:29 | 000,015,172 | ---- | M] (Prassi Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\PzWDM.sys -- (PzWDM)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/05/11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/05/09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/03/05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/03/05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VComm.sys -- (VComm)
DRV - [2006/09/22 04:32:02 | 001,428,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/02 11:43:24 | 000,561,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/01/12 17:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2006/01/04 01:49:00 | 000,243,712 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/11/30 03:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/05 15:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_UK&apn_uid=253A84B4-D65D-4367-A92B-C94C04B6500F&apn_ptnrs=OE&apn_sauid=84D52F7A-0521-4EAA-9DBE-E171CD23F7A0&apn_dtid=VIN003YYGB&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/02 21:14:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/09 12:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 22:54:04 | 000,000,000 | ---D | M]

[2009/05/27 21:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/05/27 21:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/05/08 20:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0ewkzahl.default\extensions
[2010/05/31 20:21:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0ewkzahl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/09 15:37:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0ewkzahl.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2011/06/01 20:27:03 | 000,000,000 | ---D | M] ("LimeWire Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0ewkzahl.default\extensions\toolbar@ask.com
[2011/06/08 21:18:10 | 000,002,508 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0ewkzahl.default\searchplugins\askcom-1.xml
[2011/06/06 18:34:04 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0ewkzahl.default\searchplugins\askcom.xml
[2011/06/09 12:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/01/25 12:20:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:41:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/08 22:39:43 | 000,435,104 | R--- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14977 more lines...
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Keyboard Manager Utility] C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe (Quanta Computer, INC.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003..\Run: [{25F422B2-0179-380E-19F0-C79EED647D01}] C:\Documents and Settings\Owner\Application Data\Yxugzy\ukifm.exe ()
O4 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003..\Run: [Glary Memory Optimizer] C:\Program Files\Glary Utilities\memdefrag.exe (Glarysoft Ltd)
O4 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\PE_C_ALL USERS\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2887055782-1908829718-2458293430-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161371274265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\system32\BCMLogon.dll) - C:\Windows\system32\BCMLogon.dll (Broadcom Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f021d48e-c19d-11de-a189-0011f5d75fb7}\Shell - "" = AutoRun
O33 - MountPoints2\{f021d48e-c19d-11de-a189-0011f5d75fb7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f021d48e-c19d-11de-a189-0011f5d75fb7}\Shell\AutoRun\command - "" = E:\DTVP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/09 15:17:02 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/09 15:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\hyjackthis
[2011/06/09 15:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/06/09 15:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yxugzy
[2011/06/09 15:01:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Naib
[2011/06/09 14:09:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/06/09 14:08:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/09 13:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
[2011/06/09 12:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/06/09 12:32:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/09 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/09 11:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/09 11:49:19 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/06/09 11:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/09 11:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/06/09 11:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2011/06/09 11:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/08 22:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/08 22:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/08 17:03:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF
[2011/06/08 16:25:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/08 15:49:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/06 20:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AskToolbar
[2011/06/02 21:32:11 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/31 19:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\detail.asp_files
[2011/05/18 22:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\BBC iPlayer Desktop
[2011/05/15 15:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Turkey
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 15:15:09 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/06/09 15:03:31 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/06/09 15:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/09 14:20:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/09 13:53:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/09 13:31:06 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2011/06/09 12:53:27 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/09 12:53:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 12:53:03 | 2674,053,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/09 12:21:40 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 12:21:40 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/09 11:56:10 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/06/09 11:56:09 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/09 11:30:26 | 000,442,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/09 11:30:26 | 000,072,230 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/08 23:38:13 | 000,000,367 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/06/08 22:39:43 | 000,435,104 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/08 16:59:09 | 000,321,495 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110608-223943.backup
[2011/06/07 00:06:07 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/07 00:06:07 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/06 20:08:39 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164r
[2011/06/06 20:08:39 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164
[2011/06/06 20:04:51 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17424164
[2011/06/06 19:52:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/02 21:32:11 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/31 19:42:50 | 000,035,306 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\detail.asp.htm
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 02:00:36 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/09 15:15:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/06/09 15:03:31 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/06/09 13:53:44 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/06/09 12:21:40 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/09 12:21:40 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/09 12:21:40 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/06/06 22:20:43 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/06 22:20:43 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/06 21:07:27 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/06 20:04:54 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164r
[2011/06/06 20:04:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164
[2011/06/06 20:04:51 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17424164
[2011/05/31 19:42:48 | 000,035,306 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\detail.asp.htm
[2009/09/06 18:36:16 | 000,027,965 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_JP.dat
[2009/08/18 21:01:01 | 000,056,088 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/10/02 20:04:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/01 22:45:41 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/10/01 22:45:41 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/10/01 22:45:41 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/10/01 22:45:41 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/10/01 22:45:41 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/10/01 22:45:41 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/10/01 22:45:41 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/10/01 22:45:41 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/10/01 22:45:41 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/10/01 22:45:41 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2008/10/01 22:45:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/10/01 22:45:41 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/10/01 22:45:41 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/10/01 22:45:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/10/01 22:45:41 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/10/01 22:45:41 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2008/10/01 22:45:41 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2008/10/01 22:45:41 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/10/01 22:45:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/10/01 22:31:19 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini
[2008/05/04 23:08:21 | 000,001,152 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/12/09 18:05:33 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/12/02 20:41:47 | 000,002,999 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/19 19:32:42 | 000,000,367 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/05 21:28:54 | 000,000,227 | ---- | C] () -- C:\WINDOWS\ks.ini
[2007/05/05 17:17:00 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/15 19:52:06 | 000,000,291 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007/04/05 10:38:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/07 10:22:37 | 000,001,807 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/25 19:57:03 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\wltrysvc.exe
[2007/01/25 19:57:03 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2007/01/25 19:57:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/01/25 19:57:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\AegisI2.exe
[2007/01/25 19:08:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/18 17:33:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/18 16:23:07 | 000,000,998 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
[2006/12/18 16:23:04 | 000,001,769 | ---- | C] () -- C:\WINDOWS\LETTER.DAT
[2006/12/18 16:22:48 | 000,442,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/12/18 16:22:48 | 000,072,230 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/12/18 16:22:47 | 000,265,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/12/18 16:22:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/12/18 16:22:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/12/18 16:22:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/12/18 16:21:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/12/18 16:19:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/12/18 16:19:44 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/12/18 16:19:44 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/12/18 16:19:42 | 000,004,520 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/12/18 16:19:40 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/12/18 16:19:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/12/18 16:19:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/12/18 16:19:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/12/18 16:19:28 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/12/18 16:19:28 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/12/18 16:19:27 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/12/18 16:19:27 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/12/18 16:19:27 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/12/18 16:19:20 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/12/18 16:19:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/04/14 12:37:36 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SetupAux.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >


Unhooker Logs:


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB923D000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xB962A000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1400832 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xA89E7000 C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07C000 C:\WINDOWS\System32\ialmdd5.DLL 978944 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xA8930000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 749568 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA8B18000 C:\WINDOWS\system32\drivers\CHDAud.sys 598016 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0xB9E1E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9C7B5000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8DCE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA0F53000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9C419000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF16B000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA0F0C000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes
0x9BC10000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9150000 C:\WINDOWS\system32\DRIVERS\yk51x86.sys 245760 bytes (Marvell, NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller)
0xA8ADE000 C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 233472 bytes (Intel Corporation, Component GHAL Driver)
0x9B451000 C:\WINDOWS\system32\drivers\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0xB8F1E000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9C6E4000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DF1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9B4D5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9C825000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB95AB000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9C894000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB90B3000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0x9C8BC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8E54000 C:\WINDOWS\system32\DRIVERS\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB910A000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8E93000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C872000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x9C850000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9C3D1000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes
0xB9EC2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB9DD7000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EE2000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB9F13000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9C761000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EFB000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EAB000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8E3D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9C657000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9069000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB9616000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA0FAC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8E2C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA3030000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA128000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x9E772000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA238000 C:\WINDOWS\system32\DRIVERS\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA310F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8F8D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA138000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xBA0D8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9E064000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA258000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA298000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA288000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA218000 C:\WINDOWS\System32\Drivers\VcommMgr.sys 40960 bytes (IVT Corporation., Bluetooth VcommMgr Driver)
0x9BB80000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9E762000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9E782000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA4A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4A0000 C:\WINDOWS\system32\drivers\qkbfiltr.sys 32768 bytes (Quanta Computer, Inc., qkbfiltr.sys)
0xBA338000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xBA340000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA350000 avgrkx86.sys 28672 bytes
0xBA468000 C:\WINDOWS\system32\DRIVERS\blueletaudio.sys 28672 bytes (IVT Corporation., Bluelet Audio Driver)
0xBA348000 BTHidMgr.sys 28672 bytes (IVT Corporation., Bluetooth HID Manager Device Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA458000 C:\WINDOWS\system32\DRIVERS\VComm.sys 28672 bytes (IVT Corporation., Bluetooth Serial Port Driver)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys 24576 bytes (IVT Corporation., Bluelet Audio Driver)
0xBA3F0000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA378000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA400000 C:\WINDOWS\system32\drivers\pfc.sys 24576 bytes (Padus, Inc., Padus® ASPI Shell)
0x9E509000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA480000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA440000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9E511000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes
0xA323A000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes
0xBA448000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA398000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA370000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA341D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9EFB5000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA4D0000 AVGIDSEH.Sys 16384 bytes
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9C6D4000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xB9D56000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA0196000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9D5E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4CC000 vbtenum.sys 16384 bytes (IVT Corporation., Bluetooth HID Enumerator Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB9D66000 C:\WINDOWS\system32\DRIVERS\btnetdrv.sys 12288 bytes (IVT Corporation., Bluetooth PAN Network Adapter Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA32E7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9B832000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xB9D76000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA4C8000 PzWDM.sys 12288 bytes (Prassi Technology, PzWDM.sys)
0xB9DAF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5C6000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0x9DE1F000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5CA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5CE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D6000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5DE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5D0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6AC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA0412000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7B6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x8A673A91 Unknown page with executable code, 1391 bytes
0x8A672288 Unknown page with executable code, 3448 bytes
0x8A674191 Unknown page with executable code, 3695 bytes
0xBA0C8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x8A676E7A Unknown thread object [ ETHREAD 0x8A636720 ] TID: 124, 600 bytes
0x8A679008 Unknown thread object [ ETHREAD 0x8A6364A8 ] TID: 128, 600 bytes
0x8A678CDC Unknown page with executable code, 804 bytes


Thanks in advance

Chris


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:04:11 PM

Posted 09 June 2011 - 02:06 PM

Good evening. :)

Download aswMBR.exe from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Scan button to, well, start the scan - obvious really!
  • Once the scan reports "Scan finished successfully", which takes less than a minute on my system, click Save log.
  • On my system it offers to save it to the Desktop, which may or may not be its default behaviour, but it's as handy a place as any.
  • You'll also see a file called MBR.dat appear as well - this is a backup that it created, just in case it's needed. Keep it handy for now.

I'd like the contents of aswMBR.txt in your next reply, if you'd be so kind.

So long, and thanks for all the fish.


#3 chrislamb33 (Topic Starter)

Posted 09 June 2011 - 04:14 PM

Thanks for the quick response, below is the log:

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-09 22:12:36
-----------------------------
22:12:36.546 OS Version: Windows 5.1.2600 Service Pack 3
22:12:36.546 Number of processors: 1 586 0xE08
22:12:36.546 ComputerName: MAXDATA-F66BDED UserName: Owner
22:12:40.484 Initialize success
22:12:43.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:12:43.671 Disk 0 Vendor: FUJITSU_MHV2040BH 00000029 Size: 38154MB BusType: 3
22:12:45.734 Disk 0 MBR read successfully
22:12:45.734 Disk 0 MBR scan
22:12:45.734 Disk 0 Windows XP default MBR code
22:12:47.843 Disk 0 scanning sectors +78124095
22:12:48.125 Disk 0 scanning C:\WINDOWS\system32\drivers
22:12:57.125 Service scanning
22:12:58.609 Disk 0 trace - called modules:
22:12:58.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a67d1ed]<<
22:12:58.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a713ab8]
22:12:58.625 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a751d98]
22:12:58.625 \Driver\atapi[0x8a69d9a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a67d1ed
22:12:58.625 Scan finished successfully
22:13:13.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:13:13.046 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
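
The two logs above corroborate each other, and it is worth seeing how. The RkUnhooker driver list gives the load address and size of every image in kernel memory, while the aswMBR trace reports that atapi's IRP_MJ_INTERNAL_DEVICE_CONTROL handler resolves to 0x8a67d1ed. That address does not fall inside any image RkU listed (the nearest are the kernel and hal, which end well below it), which is why aswMBR prints it as UNKNOWN; it does sit in the same 64 KiB region as the "Unknown page with executable code" entries from the RkU stealth section. The Python below is an added example, not part of this thread or of either tool: it parses a constructed subset of lines copied from the two logs, resolves each dispatch target and each stealth finding to its owning module, and flags targets that live outside every loaded image. The function names, the regexes and the 64 KiB proximity heuristic are this example's own choices, not anything RkU or aswMBR documents.

```python
"""Added example: cross-check the aswMBR disk trace against the RkUnhooker
driver map.  Sample input is a constructed subset of lines copied from the
two logs posted in this thread (RkU in post #1, aswMBR in post #3)."""
import re

# Subset of the RkUnhooker '>Drivers' list: load address, image, size.
RKU_DRIVERS = r"""
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9F13000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x9C761000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
"""

# The RkUnhooker '>Stealth' section, copied as posted.
RKU_STEALTH = r"""
0x8A673A91 Unknown page with executable code, 1391 bytes
0x8A672288 Unknown page with executable code, 3448 bytes
0x8A674191 Unknown page with executable code, 3695 bytes
0xBA0C8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
0x8A678CDC Unknown page with executable code, 804 bytes
"""

# The aswMBR 'Disk 0 trace' lines, copied as posted.
ASWMBR_TRACE = r"""
22:12:58.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a67d1ed]<<
22:12:58.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a713ab8]
22:12:58.625 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a751d98]
22:12:58.625 \Driver\atapi[0x8a69d9a0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a67d1ed
"""

DRIVER_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s+(.+?)\s+(\d+)\s+bytes")
STEALTH_RE = re.compile(r"^0x([0-9A-Fa-f]+)\s+(.*?),\s+(\d+)\s+bytes")
DISPATCH_RE = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9A-Fa-f]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*0x([0-9A-Fa-f]+)")


def parse_driver_map(text):
    """Return [(image name, base, end)] per RkU driver line; end is exclusive."""
    out = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            base, size = int(m.group(1), 16), int(m.group(3))
            out.append((m.group(2).rsplit("\\", 1)[-1], base, base + size))
    return out


def module_for(addr, driver_map):
    """Name of the loaded image containing addr, or None if no image owns it."""
    for name, base, end in driver_map:
        if base <= addr < end:
            return name
    return None


def parse_dispatch_targets(text):
    """Return [(driver, IRP major, target address)] per aswMBR dispatch line."""
    return [(m.group(1), m.group(2), int(m.group(3), 16))
            for m in (DISPATCH_RE.search(l) for l in text.splitlines()) if m]


def parse_stealth(text):
    """Return [(address, description, size)] per RkU stealth finding."""
    return [(int(m.group(1), 16), m.group(2), int(m.group(3)))
            for m in (STEALTH_RE.match(l) for l in text.splitlines()) if m]


def classify_stealth(driver_text, stealth_text):
    """Tag each stealth finding with its owning image: a hit inside a listed
    driver means that driver's image was modified in memory; None means
    executable code that lives outside every loaded image."""
    drivers = parse_driver_map(driver_text)
    return [(hex(addr), desc, module_for(addr, drivers))
            for addr, desc, _ in parse_stealth(stealth_text)]


def cross_check(driver_text, stealth_text, trace_text):
    """For each dispatch target, report the owning image (None = unowned code)
    and any stealth findings in the same 64 KiB region (a heuristic chosen
    here, not something either tool reports)."""
    drivers = parse_driver_map(driver_text)
    stealth = parse_stealth(stealth_text)
    findings = []
    for drv, irp, target in parse_dispatch_targets(trace_text):
        nearby = [hex(a) for a, _, _ in stealth if (a >> 16) == (target >> 16)]
        findings.append({"driver": drv, "irp": irp, "target": hex(target),
                         "owner": module_for(target, drivers),
                         "nearby_stealth": nearby})
    return findings


if __name__ == "__main__":
    for f in cross_check(RKU_DRIVERS, RKU_STEALTH, ASWMBR_TRACE):
        print("%s %s -> %s owner=%s nearby=%s" % (
            f["driver"], f["irp"], f["target"], f["owner"], f["nearby_stealth"]))
    for addr, desc, owner in classify_stealth(RKU_DRIVERS, RKU_STEALTH):
        print(addr, owner or "<no module>", desc)
```

Run as-is it reports the atapi handler as owned by no module, with the four unknown code pages next to it, and the VolSnap.sys warning as the one stealth entry that resolves to a listed image. That distinction (a patched driver image versus code in memory no image accounts for) is the reason the helper moves straight to MBR and driver-level tools rather than to another file scan.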




#4 Noviciate (Malware Response Team)

Posted 09 June 2011 - 04:39 PM

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.


#5 chrislamb33 (Topic Starter)

Posted 11 June 2011 - 02:36 PM

Hi, I downloaded that file, extracted it & clicked on the K file, but nothing happened!

I did do another rootkit scan and came up with this:

Type: Key
Object: {E8E27A66-A1AF-4B7A-A54A-00820A1A5093}
Location: HKLM\SYSTEM\ControlSet002\Services\
Details: Invisible to Win32


Edited by chrislamb33, 11 June 2011 - 03:12 PM.


#6 Noviciate (Malware Response Team)

Posted 12 June 2011 - 02:17 PM

Good evening. :)

Do you have a flashdrive of at least 128 Mb that you can wipe clean for a little tool to tackle this issue?

So long, and thanks for all the fish.


#7 chrislamb33 (Topic Starter)

Posted 14 June 2011 - 02:22 PM

Yes, I do.

#8 Noviciate (Malware Response Team)

Posted 14 June 2011 - 02:37 PM

Please read through all the instructions BEFORE you begin and ask any questions that you may have first. Be aware that an active infection may interfere with the first part of this procedure. If it doesn't go according to instructions, you may have to use a different PC to write the software to the flash drive.

  • Download both this file and this file and save them to your Desktop.
  • Insert your USB flash drive into your PC.
  • Click Start > My Computer, right click your flash drive's icon and select Format > Quick format - this will wipe the contents of the flash drive, so make sure there is nothing of value on there!
  • Double click unetbootin-xpud-windows-version number.exe that you just downloaded and OK any Security Warning that Windows may offer.
  • Select the Diskimage radio button and then click the browse button (the one with three dots on) located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded above by double clicking it.
  • Verify the correct drive letter is selected for your USB device at the bottom and then click OK.
  • The program will install a little bootable OS onto your flash drive.
  • Once the files have been written to the drive you will be prompted to reboot - this isn't necessary, so just click Exit.
  • Next download http://noahdfear.net/downloads/driver.sh to your USB - directly or drag it there when it's downloaded.

The next part is somewhat tricky as it differs on different machines. If you are lucky, then the following will work - if it doesn't, let me know and we'll go for a different angle.
  • If it isn't already there, insert the flash drive into the sick PC and then reboot it.
  • You need to select the OS that is on the stick rather than let Windows take charge, so press F12 and choose to boot from the USB drive before Windows starts loading.
  • Follow the prompts and eventually a Welcome to xPUD screen will appear.
  • Click the File icon on the left.
  • Open the mnt folder by clicking it, just as you do in Windows.
  • You are going to identify the folder that represents your flash drive.
  • sda1, sda2 etc... will usually be your hard drive(s); sdb1 is likely to be your flash drive.
  • Click on the flash drive folder and check that you can see driver.sh that you downloaded earlier.
  • Next click Tool at the top.
  • Choose Open Terminal - this will open the Linux equivalent of a Command Window in all its fashionable black livery.
  • Type bash driver.sh and then <ENTER>
  • You now get to sit and watch some text scroll down the Terminal window until it reports Done - which doesn't need any explanation, hopefully!
  • A report will be located on your flash drive called report.txt (an uninspired choice of name I know!), which is the purpose of this little adventure.
  • Click the Home icon on the left and Power off the machine
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive

    Copy and paste the contents of report.txt into your next reply, or let me know if you had any problems.

So long, and thanks for all the fish.


#9 chrislamb33 (Topic Starter)

Posted 14 June 2011 - 04:03 PM

The sdb1 folder has no subfolders in it; the sda1 folder seems to be my current hard drive.

It is also showing device removal popups top right.

Edited by chrislamb33, 14 June 2011 - 04:06 PM.


#10 Noviciate (Malware Response Team)

Posted 14 June 2011 - 04:37 PM

Try again and this time, if you don't see the flashdrive folder, pull the flashdrive out, count to ten and reinsert it - it should autodetect, fingers crossed! It seems to be an issue that xPud has for some people.

So long, and thanks for all the fish.


#11 chrislamb33 (Topic Starter)

Posted 14 June 2011 - 04:48 PM

Tried it twice; the light is on on the USB stick but it's not showing up. It says mtn/sg2 unmounted when I remove it.

Edited by chrislamb33, 14 June 2011 - 04:50 PM.
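
The snag in posts #8 to #11 is that the live system does not always show the flash drive under /mnt, so the instructions in #8 cannot be followed. The shell script below is an added example and is not part of this thread, nor is it the driver.sh script that post #8 links to: it reads the removable flag every Linux kernel exposes under /sys/block to find the stick without depending on the file manager's auto-mount, mounts it, and only then runs driver.sh from the mount point. The /sys/block path, the /dev/sdX naming, the /mnt/usb mount point and the RUN_DRIVER_SH switch are this example's assumptions; the mount step needs root, which a live CD such as xPUD normally gives you.

```sh
#!/bin/sh
# Added example (not from this thread, and not the contents of driver.sh):
# find the USB stick from a Linux live system such as xPUD when /mnt does not
# list it, mount it, and run driver.sh from there.
# Assumptions: sysfs is at /sys, the stick appears as a /dev/sdX device, and
# /mnt/usb is free to use as a mount point.

# Print the partitions (or the whole device, if it has no partition table) of
# every removable sd* block device.  $1 overrides the sysfs block directory so
# the function can be exercised against a constructed directory tree.
removable_parts() {
    sysblock=${1:-/sys/block}
    for dev in "$sysblock"/sd*; do
        [ -d "$dev" ] || continue
        [ "$(cat "$dev/removable" 2>/dev/null)" = "1" ] || continue
        name=$(basename "$dev")
        found=0
        for part in "$dev"/"$name"[0-9]*; do
            [ -d "$part" ] || continue
            basename "$part"
            found=1
        done
        [ "$found" = 1 ] || echo "$name"
    done
}

# Mount the first removable partition read-write (driver.sh writes report.txt
# next to itself) and print the mount point.  Needs root, as on the live CD.
mount_stick() {
    mnt=${1:-/mnt/usb}
    part=$(removable_parts | head -n 1)
    [ -n "$part" ] || { echo "no removable block device found" >&2; return 1; }
    mkdir -p "$mnt" && mount "/dev/$part" "$mnt" || return 1
    echo "$mnt"
}

# Only touch real devices when explicitly asked: RUN_DRIVER_SH=1 sh this.sh
if [ "${RUN_DRIVER_SH:-0}" = 1 ]; then
    mnt=$(mount_stick) && cd "$mnt" && bash driver.sh
fi
```

If removable_parts prints nothing, the stick was not enumerated at all and re-seating it, as suggested in post #10, is the right move; if it prints a name but mount fails, the device was seen but the filesystem was not recognised, which is a different problem from the one the file manager hides.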


#12 chrislamb33 (Topic Starter)

Posted 14 June 2011 - 07:01 PM

Just to let you know, I went on the Malwarebytes forum, & someone with the same problem used combofix.exe; they tried it & it worked. I also tried it & it worked, so maybe people with this Google redirecting problem should use this process: http://forums.malwarebytes.org/index.php?showtopic=87173&view=findpost&p=441051

Thanks for your time.

Chris



