Hijack(redirect) issue


21 replies to this topic

#1 kenney1


Posted 15 September 2011 - 02:06 AM

I use the Firefox browser and Google homepage. When I click on a link I am being redirected 50% of the time. I have tried several self-help guides with no luck. I would appreciate any help you can offer. I have my system backed up.

Here is my current logfile from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:44:08 AM, on 9/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\DOCUME~1\Kenny\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [Auslogics BoostSpeed] C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kenny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265032202754
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265032196082
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)

--
End of file - 7722 bytes


#2 HelpBot


Posted 20 September 2011 - 02:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/419043 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kenney1


Posted 22 September 2011 - 01:45 AM

I am using XP x86 32-bit. At first I thought I had a hijacker but now I'm not so sure. I think it could be a pop-up problem. Basically, most of the time when I click on a link on any page I am either getting a new tab opened with an ad, a new window opened with an ad, or a tab opened with a "302 not found" message. Also my search page continues to run script until I click the stop button. I use the newest Firefox version with AdBlock Plus and my pop-up blockers don't seem to have an effect on the problem.

Here are my logs,

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Kenny at 1:47:11 on 2011-09-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.388 [GMT -4:00]
.
AV: Microsoft Forefront Client Security *Enabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Kenny\LOCALS~1\Temp\RtkBtMnt.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Auslogics BoostSpeed] c:\program files\auslogics\auslogics boostspeed\boostspeed.exe
uRun: [Google Update] "c:\documents and settings\kenny\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Spy Watcher] "c:\progra~1\spycle~1\SpyWatcher.exe" -S
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\kenny\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoFind = 1 (0x1)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265032202754
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265032196082
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97EA308F-80F2-43F9-9BD8-DEBAC444BE7D} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kenny\application data\mozilla\firefox\profiles\4viroh4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - plugin: c:\documents and settings\kenny\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kenny\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kenny\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2011-1-8 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-1 54752]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2010-2-1 151936]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-2-1 71296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-1 1691480]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-2-1 96856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-22 03:00:33 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{8fc57ed7-8f00-496b-9798-bc220e94631d}\offreg.dll
2011-09-22 03:00:29 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{8fc57ed7-8f00-496b-9798-bc220e94631d}\mpengine.dll
2011-09-15 06:15:50 -------- d-----w- C:\_OTM
2011-09-15 05:45:09 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-09-15 05:45:09 143360 ----a-w- c:\windows\system32\vbuzip10.dll
2011-09-15 05:45:08 147456 ----a-w- c:\windows\system32\Vbzip11.dll
2011-09-15 05:45:00 10752 ----a-w- c:\windows\system32\aamd532.dll
2011-09-15 05:44:58 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-09-15 05:44:57 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-09-15 05:44:57 -------- d-----w- c:\program files\Spy Cleaner Gold
2011-09-15 05:40:17 388096 ----a-r- c:\documents and settings\kenny\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-15 05:40:15 -------- d-----w- c:\program files\Trend Micro
2011-09-10 23:06:58 -------- d-----w- c:\program files\PeerGuardian2
2011-09-09 03:14:06 -------- d-----w- c:\program files\MSXML 4.0
2011-09-07 18:13:01 312832 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
2011-09-07 18:13:00 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2011-09-07 18:12:02 -------- d-----w- c:\program files\common files\HP
2011-09-07 18:11:44 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-09-07 18:11:13 315392 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-09-07 18:11:12 966656 ----a-w- c:\windows\system32\hpost_p02d.dll
2011-09-07 18:11:12 712704 ----a-w- c:\windows\system32\hposwia_p02d.dll
2011-09-07 18:11:12 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-09-07 18:11:11 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-07 18:11:10 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-07 18:11:08 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-07 18:11:04 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-09-07 18:09:17 -------- d-----w- c:\program files\HP
2011-08-26 01:26:33 -------- d-----w- C:\90cd3ed26877892a0c
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 02:27:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 09:42:36 2768896 ----a-w- c:\windows\yzmatrix.scr
2011-07-19 09:42:31 28672 ----a-w- c:\windows\vidcap.ax
2011-07-19 09:42:25 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-19 09:42:21 368640 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-19 09:42:21 12288 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-19 09:42:20 356352 ----a-w- c:\windows\system32\wpdsp.dll
2011-07-19 09:42:20 225280 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2011-07-19 09:42:17 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2011-07-19 09:42:17 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2011-07-19 09:42:16 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 09:42:14 12288 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-19 09:42:13 69632 ----a-w- c:\windows\system32\winrs.exe
2011-07-19 09:41:18 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2011-07-19 09:41:16 4096 ----a-w- c:\windows\system32\wdfapi.dll
2011-07-19 09:41:07 28672 ----a-w- c:\windows\system32\verclsid.exe
2011-07-19 09:41:03 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-07-19 09:41:02 8192 ----a-w- c:\windows\system32\tssoft32.acm
2011-07-19 09:41:01 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-07-19 09:41:00 90112 ----a-w- c:\windows\system32\sqlsrv32.rll
2011-07-19 09:41:00 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
2011-07-19 09:41:00 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2011-07-19 09:40:54 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
2011-07-19 09:39:55 86016 ----a-w- c:\windows\system32\sl_anet.acm
2011-07-19 09:39:51 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2011-07-19 09:39:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-19 09:39:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-19 09:39:15 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2011-07-19 09:37:53 249856 ----a-w- c:\windows\system32\drmupgds.exe
2011-07-19 09:37:51 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-07-19 09:37:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2011-07-19 09:37:41 28672 ----a-w- c:\windows\system32\dbnmpntw.dll
2011-07-19 09:37:41 24576 ----a-w- c:\windows\system32\dbmsrpcn.dll
2011-07-19 09:37:40 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-07-19 09:37:34 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-07-19 09:37:34 106496 ----a-w- c:\windows\system32\CNCFMSd.EXE
2011-07-19 09:37:33 77824 ----a-w- c:\windows\system32\cliconfg.dll
2011-07-19 09:37:33 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-07-19 09:37:33 24576 ----a-w- c:\windows\system32\cliconfg.rll
2011-07-19 09:37:33 20480 ----a-w- c:\windows\system32\cliconfg.exe
2011-07-19 09:37:33 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-07-19 09:34:15 118784 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-19 09:25:09 626688 ----a-w- c:\windows\Image.dll
2011-07-19 09:22:40 155648 ----a-w- c:\windows\AngUinst.exe
2011-07-19 09:22:38 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 1:48:21.39 ===============




GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-22 02:35:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\DOCUME~1\Kenny\LOCALS~1\Temp\kwtdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Kenny\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe[976] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 5983D95D C:\Program Files\Auslogics\Auslogics BoostSpeed\madExcept_.bpl
.text C:\Program Files\Mozilla Firefox\firefox.exe[2392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
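A first triage pass over lines in the HijackThis and DDS formats posted in this thread, as an added example that is not part of the thread or of either tool. The sample lines are constructed in those formats from entries that appear in the posted logs; the EXPECTED_HOSTS allowlist is an assumption (the poster says they use Google).

```python
import re

# Sample lines constructed for this example in the HijackThis and DDS formats
# used in the thread; the entries mirror ones that appear in the posted logs.
SAMPLE_LOG = r"""
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
C:\DOCUME~1\Kenny\LOCALS~1\Temp\RtkBtMnt.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
uStart Page = hxxp://www.google.com/
uPolicies-explorer: NoFind = 1 (0x1)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
"""

# Assumption for this example: the hosts the user actually chose. Anything
# else appearing in a search or start-page setting is worth asking about.
EXPECTED_HOSTS = {"www.google.com", "go.microsoft.com"}

# HJT R0/R1 lines and DDS "uStart Page" / "FF - prefs.js" lines decide where
# the browser starts or searches.
SEARCH_SETTING = re.compile(
    r"^(?:[um]Start Page|[um]Search\w*|R[01] - |"
    r"FF - prefs\.js: browser\.(?:search|startup)\.\w+)"
)
# DDS writes hxxp:// so links are not clickable; HijackThis writes http://.
URL_HOST = re.compile(r"h(?:xx|tt)ps?://([^/\s?]+)", re.IGNORECASE)
# Per-user and system temp directories in 8.3 and long form.
TEMP_DIR = re.compile(
    r"\\(?:LOCALS~1\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.IGNORECASE
)
POLICY = re.compile(r"^[ud]Policies-\w+: (\w+) = (\d+)")


def triage(log_text):
    """Return (line, reason) pairs for entries a helper would look at twice.

    The rules are the checks applied by eye to the posted logs: orphaned
    entries, executables started from a temp directory, browser search or
    start settings pointing somewhere the user did not choose, and Explorer
    restriction policies. A hit is a lead to verify, not a verdict.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("(file missing)"):
            findings.append((line, "orphaned entry: referenced file is gone"))
        if TEMP_DIR.search(line) and ".exe" in line.lower():
            findings.append((line, "executable launched from a temp directory"))
        if SEARCH_SETTING.match(line):
            host = URL_HOST.search(line)
            if host and host.group(1).lower() not in EXPECTED_HOSTS:
                findings.append((line, f"search/start setting points at {host.group(1)}"))
        policy = POLICY.match(line)
        if policy and policy.group(2) != "0":
            findings.append((line, f"Explorer policy {policy.group(1)} is set; confirm it was intended"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```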

#4 kenney1


Posted 22 September 2011 - 01:48 AM

I tried to attach the DDS "attach" file with winrar but it said I am not permitted to attach that type of file. So, I attached it as a txt file. Hope that's ok.




#5 Blind Faith


Posted 22 September 2011 - 07:31 AM

Hello and welcome to BleepingComputer! :)



I am Blind Faith and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are meant to identify the possible threats present on your system, so I will analyze the results they produce.


As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that step. DO NOT make any changes to the system except the ones I tell you to, as that may cause more damage than it helps us.

If you will encounter a delay of over 2 days from me, please don't hesitate and private message me.
Do not forget to check your topic periodically and subscribe to the topic so that you can receive notifications regarding my replies.



Please generate another DDS log (download it from here if you haven't already) and post it in your next reply along with other changes that may have occured since you last posted.
Also download and run GMER from this link: GMER download link.



Thank you very much for your patience.




Regards,

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#6 kenney1
  • Topic Starter
  • Members
  • 10 posts

Posted 22 September 2011 - 07:19 PM

I just ran and posted the DDS and GMER logs about 16 hours ago, and I haven't touched my system since then except to check this thread. Do you want me to run another one?

#7 Blind Faith
  • Malware Response Team
  • 4,101 posts

Posted 23 September 2011 - 12:27 PM

No, this time there is enough information, just wait for my next reply now. :)

I will come back shortly.


Thank you for your patience,


Elle

#8 Blind Faith
  • Malware Response Team
  • 4,101 posts

Posted 25 September 2011 - 02:48 AM

Hi there,


I am having a hard time reading your DDS log, so I would like you to do me a favour. :)
Run DDS again and when the Notepad window pops up, at the top of it you will see "Format" with the option WordWrap ticked.
Please untick it and copy and paste the log as it is given after the modification.






Elle

#9 kenney1
  • Topic Starter
  • Members
  • 10 posts

Posted 25 September 2011 - 05:52 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Kenny at 1:47:11 on 2011-09-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.388 [GMT -4:00]
.
AV: Microsoft Forefront Client Security *Enabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Kenny\LOCALS~1\Temp\RtkBtMnt.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Auslogics\Auslogics BoostSpeed\boostspeed.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxducoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Auslogics BoostSpeed] c:\program files\auslogics\auslogics boostspeed\boostspeed.exe
uRun: [Google Update] "c:\documents and settings\kenny\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Spy Watcher] "c:\progra~1\spycle~1\SpyWatcher.exe" -S
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\kenny\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoFind = 1 (0x1)
uPolicies-explorer: GreyMSIAds = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265032202754
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265032196082
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97EA308F-80F2-43F9-9BD8-DEBAC444BE7D} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kenny\application data\mozilla\firefox\profiles\4viroh4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - plugin: c:\documents and settings\kenny\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\kenny\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\kenny\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2011-1-8 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-1 54752]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2010-2-1 151936]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-2-1 71296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-1 1691480]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-2-1 96856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-09-22 03:00:33 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{8fc57ed7-8f00-496b-9798-bc220e94631d}\offreg.dll
2011-09-22 03:00:29 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{8fc57ed7-8f00-496b-9798-bc220e94631d}\mpengine.dll
2011-09-15 06:15:50 -------- d-----w- C:\_OTM
2011-09-15 05:45:09 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-09-15 05:45:09 143360 ----a-w- c:\windows\system32\vbuzip10.dll
2011-09-15 05:45:08 147456 ----a-w- c:\windows\system32\Vbzip11.dll
2011-09-15 05:45:00 10752 ----a-w- c:\windows\system32\aamd532.dll
2011-09-15 05:44:58 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-09-15 05:44:57 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-09-15 05:44:57 -------- d-----w- c:\program files\Spy Cleaner Gold
2011-09-15 05:40:17 388096 ----a-r- c:\documents and settings\kenny\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-15 05:40:15 -------- d-----w- c:\program files\Trend Micro
2011-09-10 23:06:58 -------- d-----w- c:\program files\PeerGuardian2
2011-09-09 03:14:06 -------- d-----w- c:\program files\MSXML 4.0
2011-09-07 18:13:01 312832 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
2011-09-07 18:13:00 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2011-09-07 18:12:02 -------- d-----w- c:\program files\common files\HP
2011-09-07 18:11:44 -------- d-----w- c:\program files\common files\Hewlett-Packard
2011-09-07 18:11:13 315392 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-09-07 18:11:12 966656 ----a-w- c:\windows\system32\hpost_p02d.dll
2011-09-07 18:11:12 712704 ----a-w- c:\windows\system32\hposwia_p02d.dll
2011-09-07 18:11:12 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-09-07 18:11:11 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-07 18:11:10 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-07 18:11:08 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-07 18:11:04 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-09-07 18:09:17 -------- d-----w- c:\program files\HP
2011-08-26 01:26:33 -------- d-----w- C:\90cd3ed26877892a0c
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-08 02:27:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 09:42:36 2768896 ----a-w- c:\windows\yzmatrix.scr
2011-07-19 09:42:31 28672 ----a-w- c:\windows\vidcap.ax
2011-07-19 09:42:25 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-19 09:42:21 368640 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-19 09:42:21 12288 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-19 09:42:20 356352 ----a-w- c:\windows\system32\wpdsp.dll
2011-07-19 09:42:20 225280 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2011-07-19 09:42:17 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2011-07-19 09:42:17 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2011-07-19 09:42:16 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 09:42:14 12288 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-19 09:42:13 69632 ----a-w- c:\windows\system32\winrs.exe
2011-07-19 09:41:18 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2011-07-19 09:41:16 4096 ----a-w- c:\windows\system32\wdfapi.dll
2011-07-19 09:41:07 28672 ----a-w- c:\windows\system32\verclsid.exe
2011-07-19 09:41:03 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-07-19 09:41:02 8192 ----a-w- c:\windows\system32\tssoft32.acm
2011-07-19 09:41:01 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-07-19 09:41:00 90112 ----a-w- c:\windows\system32\sqlsrv32.rll
2011-07-19 09:41:00 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
2011-07-19 09:41:00 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2011-07-19 09:40:54 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
2011-07-19 09:39:55 86016 ----a-w- c:\windows\system32\sl_anet.acm
2011-07-19 09:39:51 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2011-07-19 09:39:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-19 09:39:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-19 09:39:15 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2011-07-19 09:37:53 249856 ----a-w- c:\windows\system32\drmupgds.exe
2011-07-19 09:37:51 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-07-19 09:37:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2011-07-19 09:37:41 28672 ----a-w- c:\windows\system32\dbnmpntw.dll
2011-07-19 09:37:41 24576 ----a-w- c:\windows\system32\dbmsrpcn.dll
2011-07-19 09:37:40 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-07-19 09:37:34 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-07-19 09:37:34 106496 ----a-w- c:\windows\system32\CNCFMSd.EXE
2011-07-19 09:37:33 77824 ----a-w- c:\windows\system32\cliconfg.dll
2011-07-19 09:37:33 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-07-19 09:37:33 24576 ----a-w- c:\windows\system32\cliconfg.rll
2011-07-19 09:37:33 20480 ----a-w- c:\windows\system32\cliconfg.exe
2011-07-19 09:37:33 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-07-19 09:34:15 118784 ----a-w- c:\windows\system32\ac3acm.acm
2011-07-19 09:25:09 626688 ----a-w- c:\windows\Image.dll
2011-07-19 09:22:40 155648 ----a-w- c:\windows\AngUinst.exe
2011-07-19 09:22:38 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 1:48:21.39 ===============

#10 Blind Faith
  • Malware Response Team
  • 4,101 posts

Posted 27 September 2011 - 06:25 AM

Hi there :),




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.




Elle

#11 kenney1
  • Topic Starter
  • Members
  • 10 posts

Posted 28 September 2011 - 01:04 AM

The TDSS scan said there were no infections. Here is the log:


02:00:14.0859 3096 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
02:00:15.0765 3096 ============================================================
02:00:15.0765 3096 Current date / time: 2011/09/28 02:00:15.0765
02:00:15.0765 3096 SystemInfo:
02:00:15.0765 3096
02:00:15.0765 3096 OS Version: 5.1.2600 ServicePack: 3.0
02:00:15.0765 3096 Product type: Workstation
02:00:15.0765 3096 ComputerName: ASPIRE
02:00:15.0765 3096 UserName: Kenny
02:00:15.0765 3096 Windows directory: C:\WINDOWS
02:00:15.0765 3096 System windows directory: C:\WINDOWS
02:00:15.0765 3096 Processor architecture: Intel x86
02:00:15.0765 3096 Number of processors: 2
02:00:15.0765 3096 Page size: 0x1000
02:00:15.0765 3096 Boot type: Normal boot
02:00:15.0765 3096 ============================================================
02:00:18.0640 3096 Initialize success
02:00:24.0281 2740 ============================================================
02:00:24.0281 2740 Scan started
02:00:24.0281 2740 Mode: Manual;
02:00:24.0281 2740 ============================================================
02:00:36.0781 2740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:00:36.0828 2740 PartMgr - ok
02:00:36.0875 2740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:00:36.0890 2740 ParVdm - ok
02:00:36.0921 2740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:00:36.0984 2740 PCI - ok
02:00:37.0000 2740 PCIDump - ok
02:00:37.0015 2740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:00:37.0031 2740 PCIIde - ok
02:00:37.0062 2740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:00:37.0109 2740 Pcmcia - ok
02:00:37.0109 2740 PDCOMP - ok
02:00:37.0125 2740 PDFRAME - ok
02:00:37.0140 2740 PDRELI - ok
02:00:37.0156 2740 PDRFRAME - ok
02:00:37.0171 2740 perc2 - ok
02:00:37.0187 2740 perc2hib - ok
02:00:37.0265 2740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:00:37.0312 2740 PptpMiniport - ok
02:00:37.0328 2740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:00:37.0406 2740 PSched - ok
02:00:37.0468 2740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:00:37.0500 2740 Ptilink - ok
02:00:37.0515 2740 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:00:37.0578 2740 PxHelp20 - ok
02:00:37.0578 2740 ql1080 - ok
02:00:37.0593 2740 Ql10wnt - ok
02:00:37.0609 2740 ql12160 - ok
02:00:37.0625 2740 ql1240 - ok
02:00:37.0640 2740 ql1280 - ok
02:00:37.0656 2740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:00:37.0671 2740 RasAcd - ok
02:00:37.0687 2740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:00:37.0750 2740 Rasl2tp - ok
02:00:37.0781 2740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:00:37.0828 2740 RasPppoe - ok
02:00:37.0843 2740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:00:37.0859 2740 Raspti - ok
02:00:37.0890 2740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:00:37.0984 2740 Rdbss - ok
02:00:38.0000 2740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:00:38.0015 2740 RDPCDD - ok
02:00:38.0078 2740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:00:38.0187 2740 rdpdr - ok
02:00:38.0234 2740 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
02:00:38.0234 2740 RDPWD - ok
02:00:38.0281 2740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:00:38.0343 2740 redbook - ok
02:00:38.0406 2740 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
02:00:38.0515 2740 RTLE8023xp - ok
02:00:38.0578 2740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:00:38.0609 2740 Secdrv - ok
02:00:38.0671 2740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
02:00:38.0812 2740 Serial - ok
02:00:38.0859 2740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:00:38.0875 2740 Sfloppy - ok
02:00:38.0906 2740 Simbad - ok
02:00:38.0937 2740 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:00:38.0968 2740 SLIP - ok
02:00:38.0984 2740 Sparrow - ok
02:00:39.0046 2740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:00:39.0062 2740 splitter - ok
02:00:39.0140 2740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:00:39.0234 2740 sr - ok
02:00:39.0312 2740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:00:39.0328 2740 Srv - ok
02:00:39.0375 2740 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:00:39.0406 2740 streamip - ok
02:00:39.0437 2740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:00:39.0453 2740 swenum - ok
02:00:39.0515 2740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:00:39.0593 2740 swmidi - ok
02:00:39.0609 2740 symc810 - ok
02:00:39.0625 2740 symc8xx - ok
02:00:39.0640 2740 sym_hi - ok
02:00:39.0656 2740 sym_u3 - ok
02:00:39.0718 2740 SynTP (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
02:00:39.0812 2740 SynTP - ok
02:00:39.0890 2740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:00:39.0968 2740 sysaudio - ok
02:00:40.0062 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:00:40.0062 2740 Tcpip - ok
02:00:40.0125 2740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:00:40.0156 2740 TDPIPE - ok
02:00:40.0187 2740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:00:40.0234 2740 TDTCP - ok
02:00:40.0265 2740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:00:40.0312 2740 TermDD - ok
02:00:40.0343 2740 TosIde - ok
02:00:40.0406 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:00:40.0468 2740 Udfs - ok
02:00:40.0484 2740 ultra - ok
02:00:40.0546 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:00:40.0578 2740 Update - ok
02:00:40.0656 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:00:40.0703 2740 usbccgp - ok
02:00:40.0750 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:00:40.0796 2740 usbehci - ok
02:00:40.0843 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:00:40.0921 2740 usbhub - ok
02:00:40.0968 2740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:00:41.0015 2740 usbprint - ok
02:00:41.0062 2740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:00:41.0078 2740 usbscan - ok
02:00:41.0125 2740 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:00:41.0156 2740 usbstor - ok
02:00:41.0218 2740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:00:41.0250 2740 usbuhci - ok
02:00:41.0296 2740 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
02:00:41.0328 2740 usbvideo - ok
02:00:41.0390 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:00:41.0421 2740 VgaSave - ok
02:00:41.0437 2740 ViaIde - ok
02:00:41.0500 2740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:00:41.0562 2740 VolSnap - ok
02:00:41.0625 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:00:41.0671 2740 Wanarp - ok
02:00:41.0687 2740 WDICA - ok
02:00:41.0734 2740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:00:41.0812 2740 wdmaud - ok
02:00:41.0906 2740 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
02:00:41.0937 2740 WmiAcpi - ok
02:00:42.0000 2740 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:00:42.0046 2740 WpdUsb - ok
02:00:42.0093 2740 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:00:42.0125 2740 WSTCODEC - ok
02:00:42.0156 2740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:00:42.0265 2740 WudfPf - ok
02:00:42.0265 2740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:00:42.0359 2740 WudfRd - ok
02:00:42.0406 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:00:42.0593 2740 \Device\Harddisk0\DR0 - ok
02:00:42.0609 2740 Boot (0x1200) (2175c8748c42d0fff44dfe57967e0531) \Device\Harddisk0\DR0\Partition0
02:00:42.0609 2740 \Device\Harddisk0\DR0\Partition0 - ok
02:00:42.0609 2740 ============================================================
02:00:42.0609 2740 Scan finished
02:00:42.0609 2740 ============================================================
02:00:42.0625 1512 Detected object count: 0
02:00:42.0625 1512 Actual detected object count: 0

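The TDSSKiller log above ends with "Detected object count: 0": every hashed driver and both disk sectors carry a "- ok" verdict. Reading several hundred such lines by eye is how a non-ok entry gets missed, so the following is an added example (written for this thread, not part of the poster's log or of Kaspersky's TDSSKiller) that parses that line format into records, lists anything not marked "ok", and compares driver hashes against a baseline. The regexes, the Entry record and the function names are this example's own, and SAMPLE_LOG is constructed: its first seven lines are copied from the log above, the last three are made up so the non-ok path is exercised and are not real TDSSKiller output.

```python
"""Parse a TDSSKiller-style driver log and flag entries worth a second look.

Added example, not code from the BleepingComputer post or from TDSSKiller.
The line shapes are inferred from the log the poster pasted; everything else
(regexes, Entry, helper names, SAMPLE_LOG) is this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.ffff PID body" -- every per-object line in the log has this prefix
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
# "Name (md5) Path" for drivers; sector entries add a size: "MBR (0x1B8) (md5) \Device\..."
HASH_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# "Name - ok"; sector entries report their verdict under the device path instead of the name
VERDICT_RE = re.compile(r"^(?P<subject>.+?)\s+-\s+(?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None   # None when a service is registered but no file was hashed ("mnmdd - ok")
    path: Optional[str] = None
    size: Optional[int] = None  # bytes hashed; only present for MBR / boot-sector entries
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Return entries keyed by object name, merging each hash line with its verdict line."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator and summary lines carry no per-object data
        body = m.group("body")
        h = HASH_RE.match(body)
        if h:
            e = entries.setdefault(h.group("name"), Entry(h.group("name")))
            e.md5, e.path = h.group("md5"), h.group("path")
            e.size = int(h.group("size"), 16) if h.group("size") else None
            by_path[e.path] = e  # sector verdicts are reported by device path
            continue
        v = VERDICT_RE.match(body)
        if v:
            subject = v.group("subject")
            e = entries.get(subject) or by_path.get(subject)
            if e is None:
                e = entries.setdefault(subject, Entry(subject))
            e.verdict = v.group("verdict")
    return entries


def not_ok(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything TDSSKiller did not mark "- ok", including objects that got no verdict at all."""
    return [e for e in entries.values() if e.verdict != "ok"]


def hash_mismatches(entries: Dict[str, Entry], baseline: Dict[str, str]) -> List[Entry]:
    """Drivers whose MD5 differs from a baseline (name -> md5) taken on a clean machine of the same build."""
    return [e for name, e in entries.items()
            if e.md5 is not None and name in baseline and e.md5 != baseline[name]]


# Constructed sample: first seven lines copied from the poster's log, last three made up.
SAMPLE_LOG = r"""
02:00:33.0859 2740 mnmdd - ok
02:00:33.0890 2740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:00:33.0921 2740 Modem - ok
02:00:40.0062 2740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:00:40.0062 2740 Tcpip - ok
02:00:42.0406 2740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:00:42.0593 2740 \Device\Harddisk0\DR0 - ok
02:00:42.0600 2740 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
02:00:42.0601 2740 exampledrv - suspicious
02:00:42.0625 1512 Detected object count: 1
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for entry in not_ok(parsed):
        print(f"{entry.name}: verdict={entry.verdict!r} path={entry.path}")
```

Feed it the full log from the post (`parse_tdsskiller(open("TDSSKiller.log").read())`) and `not_ok` gives the short list to look at; `hash_mismatches` is only meaningful against a baseline you hashed yourself on a clean install of the same Windows build and patch level, since driver hashes differ between service packs and hotfixes.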
#12 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:06:59 AM

Posted 29 September 2011 - 05:32 AM

Hi there,



Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.






Elle
Can you hear it?It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#13 kenney1

kenney1
  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:59 PM

Posted 29 September 2011 - 11:13 AM

ComboFix log:

ComboFix 11-09-29.03 - Kenny 09/29/2011 11:55:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.565 [GMT -4:00]
Running from: c:\documents and settings\Kenny\My Documents\Downloads FF\ComboFix.exe
AV: Microsoft Forefront Client Security *Enabled/Updated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Kenny\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Kenny\Local Settings\Application Data\ApplicationHistory\ClearEvent.exe.63cbec34.ini.inuse
c:\documents and settings\Kenny\Local Settings\Application Data\ApplicationHistory\eRecoveryUI.exe.2bfa3c13.ini
c:\documents and settings\Kenny\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Kenny\WINDOWS
c:\windows\system32\autorun.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 15:40 . 2011-09-29 15:40 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-09-29 15:40 . 2011-09-29 15:40 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-09-29 15:40 . 2011-09-29 15:40 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-09-29 15:40 . 2011-09-29 15:40 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-09-29 15:40 . 2011-09-29 15:40 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-09-29 15:40 . 2011-09-29 15:40 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-09-29 15:40 . 2011-09-29 15:40 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-09-29 15:40 . 2011-09-29 15:40 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-09-29 15:40 . 2011-09-29 15:40 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-09-29 15:40 . 2011-09-29 15:40 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-09-29 15:40 . 2011-09-29 15:40 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-09-29 15:40 . 2011-09-29 15:40 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-09-29 15:39 . 2011-09-29 15:39 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-09-29 15:39 . 2011-09-29 15:39 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-09-29 15:39 . 2011-09-29 15:39 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-09-29 15:39 . 2011-09-29 15:39 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-09-29 15:39 . 2011-09-29 15:39 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-09-29 07:03 . 2011-09-29 15:39 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{2D7D7545-B00F-4435-BDDF-7FE8F85157C3}\offreg.dll
2011-09-29 07:02 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\{2D7D7545-B00F-4435-BDDF-7FE8F85157C3}\mpengine.dll
2011-09-28 13:11 . 2011-09-28 13:11 -------- d-----w- c:\documents and settings\Kenny\Local Settings\Application Data\uTorrent
2011-09-27 08:41 . 2011-09-27 09:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-27 08:41 . 2011-09-27 08:41 -------- d-----w- c:\program files\AVAST Software
2011-09-15 06:15 . 2011-09-15 06:15 -------- d-----w- C:\_OTM
2011-09-15 06:08 . 2011-09-15 06:09 -------- d-----w- c:\program files\ERUNT
2011-09-15 05:45 . 2003-05-15 01:07 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-09-15 05:45 . 1998-12-02 13:11 143360 ----a-w- c:\windows\system32\vbuzip10.dll
2011-09-15 05:45 . 2003-01-26 19:48 147456 ----a-w- c:\windows\system32\Vbzip11.dll
2011-09-15 05:45 . 1999-04-18 03:36 10752 ----a-w- c:\windows\system32\aamd532.dll
2011-09-15 05:44 . 1998-04-24 04:00 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-09-15 05:44 . 2011-09-28 13:23 -------- d-----w- c:\program files\Spy Cleaner Gold
2011-09-15 05:44 . 2004-03-09 07:30 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-09-15 05:40 . 2011-09-15 05:40 388096 ----a-r- c:\documents and settings\Kenny\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-15 05:40 . 2011-09-15 05:40 -------- d-----w- c:\program files\Trend Micro
2011-09-10 23:06 . 2011-09-29 14:29 -------- d-----w- c:\program files\PeerGuardian2
2011-09-09 03:14 . 2011-09-09 03:14 -------- d-----w- c:\program files\MSXML 4.0
2011-09-07 18:13 . 2009-04-16 18:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2011-09-07 18:13 . 2009-04-16 18:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2011-09-07 18:12 . 2011-09-07 18:12 -------- d-----w- c:\program files\Common Files\HP
2011-09-07 18:11 . 2011-09-07 18:11 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-09-07 18:11 . 2009-02-11 11:03 315392 ----a-w- c:\windows\system32\hposc_p02a.dll
2011-09-07 18:11 . 2009-02-11 11:03 966656 ----a-w- c:\windows\system32\hpost_p02d.dll
2011-09-07 18:11 . 2009-02-11 11:03 712704 ----a-w- c:\windows\system32\hposwia_p02d.dll
2011-09-07 18:11 . 2008-10-29 00:27 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-09-07 18:11 . 2008-10-29 00:27 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2011-09-07 18:11 . 2008-10-29 00:27 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2011-09-07 18:11 . 2008-10-29 00:27 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2011-09-07 18:11 . 2009-04-16 11:53 452408 ----a-w- c:\windows\system32\hpzids01.dll
2011-09-07 18:09 . 2011-09-07 18:11 -------- d-----w- c:\program files\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 09:04 . 2011-05-13 22:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 23:14 . 2010-02-01 17:34 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Forefront\Client Security\Client\Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-19 09:42 . 2006-09-15 06:39 2768896 ----a-w- c:\windows\yzmatrix.scr
2011-07-19 09:42 . 2010-02-01 13:43 28672 ----a-w- c:\windows\vidcap.ax
2011-07-19 09:42 . 2010-02-17 22:19 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-19 09:42 . 2009-10-09 20:22 368640 ----a-w- c:\windows\system32\WsmRes.dll
2011-07-19 09:42 . 2009-10-09 18:56 12288 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-07-19 09:42 . 2009-10-09 18:56 225280 ----a-w- c:\windows\system32\wsmanhttpconfig.exe
2011-07-19 09:42 . 2006-10-19 02:47 356352 ----a-w- c:\windows\system32\wpdsp.dll
2011-07-19 09:42 . 2006-10-19 02:47 4096 ----a-w- c:\windows\system32\WMVADVE.DLL
2011-07-19 09:42 . 2006-10-19 02:47 4096 ----a-w- c:\windows\system32\WMVADVD.dll
2011-07-19 09:42 . 2010-10-14 02:54 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 09:42 . 2009-10-09 18:56 12288 ----a-w- c:\windows\system32\winrssrv.dll
2011-07-19 09:42 . 2009-10-09 20:22 69632 ----a-w- c:\windows\system32\winrs.exe
2011-07-19 09:41 . 2008-04-14 09:42 712704 ----a-w- c:\windows\system32\windowscodecs.dll
2011-07-19 09:41 . 2006-10-19 02:47 4096 ----a-w- c:\windows\system32\wdfapi.dll
2011-07-19 09:41 . 2008-04-14 09:42 28672 ----a-w- c:\windows\system32\verclsid.exe
2011-07-19 09:41 . 2010-06-11 19:00 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-07-19 09:41 . 2004-08-04 12:00 8192 ----a-w- c:\windows\system32\tssoft32.acm
2011-07-19 09:41 . 2010-02-01 13:38 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-07-19 09:41 . 2010-02-01 13:38 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2011-07-19 09:41 . 2008-04-14 09:42 442368 ----a-w- c:\windows\system32\sqlsrv32.dll
2011-07-19 09:41 . 2008-04-14 02:56 90112 ----a-w- c:\windows\system32\sqlsrv32.rll
2011-07-19 09:40 . 2010-04-06 13:04 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8Z.DLL
2011-07-19 09:39 . 2008-04-14 09:40 86016 ----a-w- c:\windows\system32\sl_anet.acm
2011-07-19 09:39 . 2010-04-15 00:29 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2011-07-19 09:39 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-19 09:39 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-19 09:39 . 2010-02-17 22:19 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2011-07-19 09:38 . 2009-01-07 23:20 24576 ----a-w- c:\windows\system32\nlsdl.dll
2011-07-19 09:38 . 2010-02-17 22:09 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-07-19 09:38 . 2010-02-17 22:09 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-07-19 09:38 . 2010-02-17 22:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-07-19 09:38 . 2004-08-04 12:00 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2011-07-19 09:38 . 2010-01-29 17:28 188416 ----a-w- c:\windows\system32\msh261.drv
2011-07-19 09:38 . 2009-03-08 19:22 49152 ----a-w- c:\windows\system32\msrating.dll.mui
2011-07-19 09:38 . 2008-04-14 05:42 294912 ----a-w- c:\windows\system32\msh263.drv
2011-07-19 09:38 . 2010-01-29 17:29 118784 ----a-w- c:\windows\system32\msg723.acm
2011-07-19 09:38 . 2006-10-19 02:47 212992 ----a-w- c:\windows\system32\MFPLAT.dll
2011-07-19 09:38 . 2010-02-01 13:43 233472 ----a-w- c:\windows\system32\M3000DIF.dll
2011-07-19 09:38 . 2010-07-21 18:52 860160 ----a-w- c:\windows\system32\lxduusb1.dll
2011-07-19 09:38 . 2010-07-21 18:52 40960 ----a-w- c:\windows\system32\lxduvs.dll
2011-07-19 09:38 . 2009-07-14 12:59 544768 ----a-w- c:\windows\system32\lxduutil.dll
2011-07-19 09:38 . 2010-07-21 18:52 1069056 ----a-w- c:\windows\system32\lxduserv.dll
2011-07-19 09:38 . 2010-07-21 18:52 651264 ----a-w- c:\windows\system32\lxdupmui.dll
2011-07-19 09:38 . 2010-07-21 18:52 364544 ----a-w- c:\windows\system32\lxduinpa.dll
2011-07-19 09:38 . 2009-07-14 13:06 106496 ----a-w- c:\windows\system32\lxduinsr.dll
2011-07-19 09:38 . 2009-07-14 13:06 147456 ----a-w- c:\windows\system32\lxdujswr.dll
2011-07-19 09:38 . 2009-07-14 13:04 200704 ----a-w- c:\windows\system32\lxduinsb.dll
2011-07-19 09:38 . 2009-07-14 13:02 176128 ----a-w- c:\windows\system32\lxduins.dll
2011-07-19 09:38 . 2010-07-21 18:52 323584 ----a-w- c:\windows\system32\lxduih.exe
2011-07-19 09:38 . 2010-07-21 18:52 684032 ----a-w- c:\windows\system32\lxduhbn3.dll
2011-07-19 09:38 . 2010-07-21 18:52 339968 ----a-w- c:\windows\system32\lxduiesc.dll
2011-07-19 09:38 . 2010-07-21 18:52 208896 ----a-w- c:\windows\system32\lxdugrd.dll
2011-07-19 09:38 . 2010-07-21 18:48 1036288 ----a-w- c:\windows\system32\lxdudrs.dll
2011-07-19 09:38 . 2009-07-14 13:06 36864 ----a-w- c:\windows\system32\lxducur.dll
2011-07-19 09:38 . 2010-07-21 18:52 376832 ----a-w- c:\windows\system32\lxducomm.dll
2011-07-19 09:38 . 2009-07-14 13:04 90112 ----a-w- c:\windows\system32\lxducub.dll
2011-07-19 09:38 . 2009-07-14 13:02 77824 ----a-w- c:\windows\system32\lxducu.dll
2011-07-19 09:38 . 2009-10-16 01:32 409600 ----a-w- c:\windows\system32\lxducoin.dll
2011-07-19 09:38 . 2010-07-21 18:52 364544 ----a-w- c:\windows\system32\lxducfg.exe
2011-07-19 09:38 . 2010-07-21 18:48 69632 ----a-w- c:\windows\system32\lxducnv4.dll
2011-07-19 09:38 . 2010-07-21 18:48 81920 ----a-w- c:\windows\system32\lxducaps.dll
2011-07-19 09:38 . 2010-02-17 22:19 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-07-19 09:38 . 2004-08-04 12:00 65536 ----a-w- c:\windows\system32\jgsh400.dll
2011-07-19 09:38 . 2010-04-23 21:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-19 09:38 . 2010-04-15 00:29 49152 ----a-w- c:\windows\system32\INETWH32.dll
2011-07-19 09:38 . 2008-04-14 09:39 16384 ----a-w- c:\windows\system32\imaadp32.acm
2011-07-19 09:38 . 2010-02-01 13:36 294912 ----a-w- c:\windows\system32\igldev32.dll
2011-07-19 09:38 . 2010-02-01 13:36 2334720 ----a-w- c:\windows\system32\iglicd32.dll
2011-07-19 09:38 . 2010-02-01 13:36 172032 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-07-19 09:38 . 2010-02-01 13:36 172032 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-07-19 09:38 . 2010-02-01 13:36 163840 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-07-19 09:38 . 2010-02-01 13:36 172032 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-07-19 09:38 . 2010-02-01 13:36 180224 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-07-19 09:38 . 2010-02-01 13:36 180224 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-07-19 09:38 . 2010-02-01 13:36 180224 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-07-19 09:38 . 2010-02-01 13:36 180224 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-07-19 09:38 . 2010-02-01 13:36 176128 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-07-19 09:38 . 2010-02-01 13:36 188416 ----a-w- c:\windows\system32\igfxrita.lrc
2011-07-19 09:38 . 2010-02-01 13:36 131072 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-07-19 09:38 . 2010-02-01 13:36 126976 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-07-19 09:38 . 2010-02-01 13:36 188416 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-07-19 09:38 . 2010-02-01 13:36 176128 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-07-19 09:38 . 2010-02-01 13:36 184320 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-07-19 09:38 . 2010-02-01 13:36 155648 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-07-19 09:38 . 2010-02-01 13:36 188416 ----a-w- c:\windows\system32\igfxresp.lrc
2011-07-19 09:38 . 2010-02-01 13:36 180224 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-07-19 09:38 . 2010-02-01 13:36 176128 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-07-19 09:38 . 2010-02-01 13:36 172032 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-07-19 09:38 . 2010-02-01 13:36 176128 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-07-19 09:38 . 2010-02-01 13:36 172032 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-07-19 09:38 . 2010-02-01 13:36 192512 ----a-w- c:\windows\system32\igfxrell.lrc
2011-07-19 09:38 . 2010-02-01 13:36 192512 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-07-19 09:38 . 2010-02-01 13:36 110592 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-07-19 09:38 . 2010-02-01 13:36 110592 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-07-19 09:38 . 2010-02-01 13:36 159744 ----a-w- c:\windows\system32\igfxrara.lrc
2011-07-19 09:38 . 2010-02-01 13:36 204800 ----a-w- c:\windows\system32\igfxpph.dll
2011-07-19 09:38 . 2010-02-01 13:36 135168 ----a-w- c:\windows\system32\igfxdo.dll
2011-09-08 02:24 . 2011-03-28 10:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Auslogics BoostSpeed"="c:\program files\Auslogics\Auslogics BoostSpeed\boostspeed.exe" [2010-02-10 480368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-23 18789920]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-09-04 425984]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Spy Watcher"="c:\progra~1\SPYCLE~1\SpyWatcher.exe" [2005-04-07 557056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Kenny\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=
"c:\\Documents and Settings\\Kenny\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3443:TCP"= 3443:TCP:https://webconnect.csx.com/
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/8/2011 5:06 PM 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 5:12 AM 73120]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/1/2010 9:41 AM 1691480]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/1/2010 9:41 AM 96856]
S3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2/1/2010 9:43 AM 151936]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:42 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-413027322-299502267-1004Core.job
- c:\documents and settings\Kenny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-18 01:22]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-413027322-299502267-1004UA.job
- c:\documents and settings\Kenny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-18 01:22]
.
2011-09-29 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 21:06]
.
2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 21:06]
.
2011-09-29 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2011-01-08 21:06]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{FA9BFCE8-2C93-4A05-B933-FB0A2B9F1F82}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\4viroh4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2464976&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?rls=ig
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 12:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-29 12:06:59
ComboFix-quarantined-files.txt 2011-09-29 16:06
.
Pre-Run: 51,307,175,936 bytes free
Post-Run: 51,275,919,360 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 85D46A1ED529CC76C757A6EDEAFE7E07

#14 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:59 AM

Posted 30 September 2011 - 01:41 PM

Hi there,

Please tell me which are the remaining problems. Are you still encountering redirects?

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.


#15 kenney1

kenney1
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:11:59 PM

Posted 01 October 2011 - 04:26 AM

Yes, I am still getting redirects. It's confusing to me though. Sometimes I will get a redirect in a new tab, and sometimes it will be in a new window like a pop-up. In the original window the correct page opens and there is an incorrect window opening on top like a pop-up. When a new tab opens it is the incorrect window and the original tab stays on the original page. It's confusing to me whether this is a pop-up or a hijacker, or both. It's so strange to me that I even questioned myself if my ISP could somehow be sending me ads. I don't know. Just really confused.
