
REDIRECTION TO ADVERTISING SITE (ALWAYS SAME)


  • This topic is locked
51 replies to this topic

#1 Perun

Perun

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 10 November 2011 - 04:02 PM

Hello,
you guys are my last chance (before a clean install & similar solutions).

I came into troubles about 10 days ago - using "hydemyass.com" (anonymous proxy surfing service). Until then, I got redirected every time I try to type "hyde..." to "secredir.com/?sov=hydemyass.com" and then to the advertising
site "http://videorewardspace.com/?sov=124991", some kind of fake advertising - this happens in Firefox, Chrome, IE6, even in some unknown browser I installed.
Since I am not new to PCs (over 20 years since DOS etc) I hoped I'd solve this on my own.
After 5 or more lost days, I'm in a dilemma: "to format or not to format".
According to the web and advice from your and some similar sites, I tried a lot of the tools proposed - TDSSKiller, RootRepeal, GMER, ESET Online Scanner, HijackThis, even ComboFix... long list.
None of them found anything; maybe some of them did some damage. Now some of my icons are lost from the systray (like Avira Free), from time to time Windows Explorer crashes, etc.
Guess I was lucky to use hydemy... otherwise I couldn't use Google searches.
Not to forget: desktop, dual Intel processors 2932, Win PRO 5.1.2600, service pack 2600, IE 6 (I don't use it, never updated), 2 HDD 540 & 600 Gb
After reading about MBR viruses (none of the tools detected it) I got pretty scared.
Protection: Avira Free edition, SUPERAntiSpyware Free, Prevx Free, Online Armor Free (I know, all free editions, but everything worked fine for 2 years...)

For the beginning, this is tonight's HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:01:55, on 10/11/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Emsisoft\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\VMSnap3.exe
C:\Program Files\MultiScreen\MultiScreen.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Emsisoft\Online Armor\oaui.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
O4 - HKLM\..\Run: [MultiScreen] C:\Program Files\MultiScreen\MultiScreen.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [ASUS Update Checker] C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

I can enclose some other ones, but TDSSKiller, MBAM and a lot of them found nothing.

Of course, I'm not worried because I can't go to "hydemy..." but because my machine is not clean.

Thanks in advance
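The HijackThis log above is a plain-text format that is easy to read by machine: each entry line starts with a section code (R0/R1 for browser start and search pages, O2 for BHOs, O4 for autorun keys, O15 for trusted-zone entries, O23 for services) and fields separated by " - ". The following is an added example (not from the post and not HijackThis's own code): a small Python parser for that format, plus a triage pass that flags the kinds of lines a helper looks at first. The sample log is a constructed excerpt modelled on the post's lines, and TRUSTED_START_PAGES is an assumed allowlist the reader would replace with the pages they actually set.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format (a short excerpt modelled on the
# post's log, not the full log).  Note the doubled backslashes inside the string.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:01:55, on 10/11/2011

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\\WINDOWS\\system32\\PxSecure.dll
O4 - HKLM\\..\\Run: [VMSnap3] C:\\WINDOWS\\VMSnap3.exe
O15 - Trusted IP range: http://192.168.1.1
O23 - Service: MySQL - Unknown owner - C:\\Program.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\\Program Files\\ThreatFire\\TFService.exe
"""

# Assumed allowlist of start/search pages the user set themselves (adjust to taste).
TRUSTED_START_PAGES = ("http://google.com", "http://www.google.com/", "http://go.microsoft.com/")

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Entry:
    code: str   # HijackThis section code, e.g. "O2", "O23"
    body: str   # everything after "Oxx - "
    path: str   # last " - "-separated field, normally the file path ("" if none)
    clsid: str  # CLSID carried on the line, or ""


def parse_hjt(text: str) -> list[Entry]:
    """Turn a HijackThis log into Entry records; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # "Logfile of ...", "Running processes:" block, blanks
        body = m.group("body")
        parts = body.split(" - ")
        path = parts[-1] if len(parts) > 1 else ""
        cl = CLSID_RE.search(body)
        entries.append(Entry(m.group("code"), body, path, cl.group(0) if cl else ""))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs worth a human look.  These are heuristics,
    not verdicts: every flagged line still has to be checked by hand."""
    findings = []
    for e in entries:
        if "(file missing)" in e.body:
            # For services this rendering commonly means an unquoted ImagePath with a
            # space in it (C:\Program Files\... shown as C:\Program.exe), so verify the
            # real path in the registry before assuming the binary is gone.
            findings.append((e, "points at a file HijackThis could not find"))
        if e.code == "O23" and "Unknown owner" in e.body:
            findings.append((e, "service binary has no recognised publisher; check its signature"))
        if e.code == "O15":
            findings.append((e, "trusted-zone entry; confirm the address is your own router"))
        if e.code in ("R0", "R1"):
            url = e.body.split(" = ", 1)[-1]
            if not url.startswith(TRUSTED_START_PAGES):
                findings.append((e, "browser start/search page is not on the allowlist"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code:4} {reason}\n     {entry.body}")
```

Run against the constructed sample this reports the MySQL service line twice (missing file and unknown owner) and the O15 trusted-range line once; the two R-lines pass because they are on the allowlist. Pointing `parse_hjt` at a real log pasted into a file gives a helper a quick index of CLSIDs and paths to look up, which is the part of reading these logs that is tedious rather than hard.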


#2 Perun

Perun
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 12 November 2011 - 12:03 PM

In addition, while waiting for a reply, I'm sending DDS and GMER logs as per instructions (the first post was written in a hurry, slowly getting sick of everything :cold: )

- Ark_txt.zip - GMER log file (had to zip it, because of the warning "file too big to upload... or something")
- DDS - dds.txt and attach.txt

Looking forward to your reply & all the best



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:42 PM

Posted 13 November 2011 - 10:39 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Perun

Perun
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 15 November 2011 - 03:26 PM

Hello,
thanks for replying anyway, I see you guys have a lot of work.
As per instructions, I used DeFogger to stop CD emulation; next follow the DDS logs:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29
Run by Milan at 21:05:56 on 2011-11-15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.413 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Disabled*
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\VMSnap3.exe
C:\Program Files\MultiScreen\MultiScreen.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [MultiScreen] c:\program files\multiscreen\MultiScreen.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\oaui.exe"
mRun: [ASUS Update Checker] c:\program files\asus\asusupdate\updatechecker\UpdateChecker.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1955FEB-7EC3-4253-9C85-7A2FE792E798} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\milan\application data\mozilla\firefox\profiles\xq163d71.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-3-16 32008]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-11-2 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-11-2 69392]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-11-8 17904]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2011-9-2 22312]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-7-24 202064]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-7-24 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-7-24 29272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-11-8 2979280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 66616]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-3-16 6416120]
R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-7-24 380784]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-3-16 76696]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-3-16 26096]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-11-2 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-2-15 2134256]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2010-3-6 480128]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [2010-3-6 1472768]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-11-19 38856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-4 136176]
S2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-7-24 3652696]
S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [2011-11-11 327368]
S3 cpuz134;cpuz134;\??\c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys --> c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-4 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-31 23624]
S3 IOCTLfuzzer;IOCTLfuzzer;\??\c:\windows\system32\drivers\ioctlfuzzer.sys --> c:\windows\system32\drivers\IOCTLfuzzer.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7a.tmp --> c:\windows\system32\7A.tmp [?]
S3 Normandy;Normandy SR2; [x]
S3 protecter.sys;protecter.sys;c:\documents and settings\milan\local settings\temp\bdremovaltool\protecter.sys [2011-11-11 11520]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-11-6 53248]
.
=============== Created Last 30 ================
.
2011-11-11 01:19:23 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys
2011-11-11 01:05:28 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-10 22:11:22 -------- d-----w- c:\program files\common files\iS3
2011-11-09 22:02:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-08 19:13:36 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-05 23:10:10 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-11-04 13:15:24 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-04 01:08:00 -------- d-----w- c:\program files\Sophos
2011-11-03 18:55:22 -------- d-----w- c:\program files\ESET
2011-11-03 18:32:22 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 18:32:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 17:17:58 -------- d-----w- c:\program files\McAfee Security Scan
2011-11-03 14:58:24 -------- d-----w- c:\documents and settings\milan\application data\Avant Downloader
2011-11-02 23:24:17 -------- d-----w- c:\program files\SpywareBlaster
2011-11-02 21:14:48 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-02 21:14:48 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-02 21:14:47 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-02 21:14:43 -------- d-----w- c:\program files\ThreatFire
2011-11-02 21:14:43 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-02 19:09:39 -------- d-----w- c:\documents and settings\milan\DoctorWeb
2011-11-01 00:42:10 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-10-31 17:27:14 388096 ----a-r- c:\documents and settings\milan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-31 17:27:10 -------- d-----w- c:\program files\Trend Micro
2011-10-31 11:27:48 -------- d-sha-r- C:\cmdcons
2011-10-31 11:27:46 -------- d-----w- c:\windows\setup.pss
2011-10-31 11:27:29 -------- d-----w- c:\windows\setupupd
2011-10-31 00:52:19 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-31 00:51:33 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-10-30 21:20:05 -------- d-----w- c:\program files\PC Tools Security
2011-10-30 18:11:17 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-30 15:51:44 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-10-30 15:51:44 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-10-30 15:51:44 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-10-30 15:51:44 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-10-30 15:51:44 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-10-30 12:21:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-28 21:59:10 154 ---ha-w- C:\aaw7boot.cmd
2011-10-28 20:34:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-28 20:31:13 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-27 17:17:17 -------- d-----w- c:\documents and settings\milan\application data\Malwarebytes
2011-10-27 17:17:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-21 17:46:06 -------- d-----w- c:\documents and settings\milan\application data\adma
2011-10-20 12:07:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
.
==================== Find3M ====================
.
2011-11-09 22:02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 21:17:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 09:49:36 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-09-13 09:49:34 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-09-13 09:49:33 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-09-13 09:49:32 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
.
============= FINISH: 21:06:58.53 ===============

Malwarebytes' Anti-Malware version 1.51.2.1300
Media Player Classic - Home Cinema v1.4.2499.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Mozilla Firefox 8.0 (x86 en-US)
MSXML 6.0 Parser (KB933579)
MultiScreen
MyDB Studio 1.3
MySQL Connector/ODBC 5.1
MySQL Server 5.1
MySQL Workbench 5.2 CE
Notepad++
Online Armor 4.5
OpenOffice.org 3.3
PageBreeze Free HTML Editor
PDFill PDF Editor with FREE Writer and Free Tools
Photo Pos Pro
PicPick
Platform
PremiumSoft Navicat Lite 9.0
Prevx
Programming Microsoft ASP.NET 2.0 Core Reference
QMC
Quit Counter
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RealUpgrade 1.1
Rootkit Unhooker LE 3.8 SR 2
SEO SpyGlass
Serif PhotoPlus SE
Skype™ 5.5
Sophos Anti-Rootkit 1.5.4
SpywareBlaster 4.4
SUPERAntiSpyware Free Edition
ThreatFire
Total Commander (Remove or Repair)
Tweak UI
VIA Platform Device Manager
VP-EYE
WebDwarf V2
WebFldrs XP
Winamp
WinDirStat 1.1.2
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live ID Sign-in Assistant
WinMerge 2.12.4
Xilisoft Video Converter Ultimate 6
.
==== Event Viewer Messages From Past Week ========
.
11/11/2011 02:42:36, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
11/11/2011 02:42:36, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2011 02:24:47, error: Service Control Manager [7034] - The Online Armor service terminated unexpectedly. It has done this 1 time(s).
11/11/2011 02:19:39, error: Service Control Manager [7000] - The protecter.sys service failed to start due to the following error: The system cannot find the device specified.
10/11/2011 23:58:46, error: PlugPlayManager [11] - The device Root\LEGACY_NULL\0000 disappeared from the system without first being prepared for removal.
10/11/2011 23:58:27, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
10/11/2011 23:57:57, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
10/11/2011 23:19:17, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Null
10/11/2011 00:48:04, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
09/11/2011 20:08:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
09/11/2011 20:08:24, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/11/2011 20:08:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg5 szkgfs
09/11/2011 20:07:42, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 90E6BAD475D8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
09/11/2011 00:55:50, error: Service Control Manager [7031] - The Emsisoft Anti-Malware 6.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================

And finally, the RK Unhooker log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6D22000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4452352 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1EE000 C:\WINDOWS\System32\ati3duag.dll 3014656 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF4CE000 C:\WINDOWS\System32\ativvaxx.dll 2142208 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xAE593000 C:\WINDOWS\system32\drivers\viahduaa.sys 2129920 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)
0xBF800000 Win32k 1839104 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAE102000 C:\WINDOWS\System32\Drivers\usbVM303.sys 1474560 bytes (Vimicro Corporation, Video and Capture Device Driver)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 651264 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF71F1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF107000 C:\WINDOWS\System32\atikvmag.dll 552960 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xAE08C000 C:\WINDOWS\system32\drivers\vvftav303.sys 483328 bytes (Vimicro Corporation, Filter Prototype)
0xAE359000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF18E000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xAE4D8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xAACE7000 C:\WINDOWS\system32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAA5C4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6BDC000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF6C38000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xAE3C8000 C:\WINDOWS\system32\drivers\OADriver.sys 196608 bytes
0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAAEF2000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71C4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE3F8000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA9D4F000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAE48F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAE332000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF7302000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF6CE9000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF6C80000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF6CA3000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 143360 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF6CC6000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAE445000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAE7C3000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAE4B7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0xAE424000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF72CB000 fltMgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAE7E5000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 110592 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xF71A9000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72EA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAE074000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAB50C000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0xF727E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6C69000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAB05E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6D0E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAE530000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF72A6000 TfSysMon.sys 77824 bytes (PC Tools, ThreatFire System Monitor)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72B9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAB4FB000 C:\WINDOWS\System32\drivers\pxrts.sys 69632 bytes (Prevx, Prevx Realtime Security)
0xF7295000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0xF6B83000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7687000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF75A7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xAE302000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7527000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF74C7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7667000 C:\WINDOWS\System32\Drivers\STREAM.SYS 49152 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7567000 C:\WINDOWS\system32\drivers\TfNetMon.sys 49152 bytes (PC Tools, ThreatFire Network Monitor)
0xF7697000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7537000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA9DB9000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7607000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7617000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7677000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7487000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF75C7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF75F7000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF75D7000 C:\WINDOWS\system32\drivers\OAmon.sys 36864 bytes (Emsisoft, TDI Helper Driver)
0xF74D7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF75E7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7847000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF782F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77B7000 C:\DOCUME~1\Milan\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF784F000 C:\WINDOWS\system32\drivers\OAnet.sys 24576 bytes (Emsisoft, OA Helper Driver)
0xF7717000 pxscan.sys 24576 bytes (Prevx, Prevx Scanner)
0xF785F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF786F000 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 24576 bytes ( SUPERAdBlocker.com and SUPERAntiSpyware.com, SASENUM.SYS)
0xF7857000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7837000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF783F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF788F000 C:\WINDOWS\System32\drivers\pxkbf.sys 20480 bytes (Prevx, Prevx Keyboard Security)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF775F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAE7A3000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF796F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAB4B3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7943000 C:\WINDOWS\system32\drivers\rsdrv.sys 16384 bytes (EldoS Corporation, RawDisk Driver. Allows write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.)
0xF794F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF6C34000 C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys 12288 bytes (Emsi Software GmbH, Emsisoft Direct Disk Access Support Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7179000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF794B000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF6C30000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7957000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7927000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xF79C7000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
0xF79C5000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF79BD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79DB000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79BB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79C1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79B1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79B3000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7B06000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7ABC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B1B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(



------------------------------------------

The problem with redirection when I type "hydemy..." remains, leading me to http://videorewardsnow.com/?sov=124991 as I described in the beginning.
(I didn't "reboot"; my Firefox is open.)

Obviously the problem is not solved. I hope you'll give me the next instructions; I'm waiting for your response.
Best regards,
Perun

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:42 PM

Posted 16 November 2011 - 08:26 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Perun

Perun
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:03:42 AM

Posted 16 November 2011 - 01:57 PM

Hello,
thanks for the quick reaction.

Here's Combofix log:

ComboFix 11-11-15.06 - Milan 16/11/2011 19:00:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1468 [GMT 1:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Milan\Recent\secredir[1].htm.URL
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 01:56 . 2011-11-16 01:56 -------- d-----w- c:\documents and settings\Milan\Application Data\fltk.org
2011-11-11 01:19 . 2011-11-11 01:19 327368 ----a-w- c:\windows\system32\drivers\avisfltr.sys
2011-11-11 01:05 . 2011-11-11 01:05 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-10 22:11 . 2011-11-10 22:11 -------- d-----w- c:\program files\Common Files\iS3
2011-11-10 19:28 . 2011-11-10 19:29 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-09 22:04 . 2011-11-09 22:04 -------- d-----w- c:\program files\Common Files\Java
2011-11-09 22:02 . 2011-11-09 22:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-08 19:13 . 2011-11-08 23:54 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-11-05 23:10 . 2011-11-05 23:10 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2011-11-04 13:15 . 2011-11-04 13:15 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-04 01:08 . 2011-11-04 01:08 -------- d-----w- c:\program files\Sophos
2011-11-03 18:55 . 2011-11-03 18:55 -------- d-----w- c:\program files\ESET
2011-11-03 18:32 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 18:32 . 2011-11-03 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 17:40 . 2011-11-03 17:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-11-03 17:19 . 2011-11-03 17:19 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-03 17:18 . 2011-11-03 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-11-03 17:17 . 2011-11-10 12:56 -------- d-----w- c:\program files\McAfee Security Scan
2011-11-03 14:58 . 2011-11-03 14:58 -------- d-----w- c:\documents and settings\Milan\Application Data\Avant Downloader
2011-11-02 23:24 . 2011-11-02 23:29 -------- d-----w- c:\program files\SpywareBlaster
2011-11-02 21:14 . 2011-02-22 12:57 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2011-11-02 21:14 . 2011-02-22 12:57 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2011-11-02 21:14 . 2011-02-22 12:57 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2011-11-02 21:14 . 2011-11-02 21:14 -------- d-----w- c:\program files\ThreatFire
2011-11-02 21:14 . 2011-11-02 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-02 19:09 . 2011-11-02 19:09 -------- d-----w- c:\documents and settings\Milan\DoctorWeb
2011-11-01 00:42 . 2011-11-09 20:51 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-10-31 17:27 . 2011-10-31 17:27 388096 ----a-r- c:\documents and settings\Milan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-31 17:27 . 2011-10-31 17:27 -------- d-----w- c:\program files\Trend Micro
2011-10-31 00:52 . 2011-11-09 20:54 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-31 00:51 . 2011-10-31 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-10-30 21:20 . 2011-10-30 21:50 -------- d-----w- c:\program files\PC Tools Security
2011-10-30 18:11 . 2011-11-10 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-10-30 15:51 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-10-30 15:51 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-10-30 15:51 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-10-30 15:51 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-10-30 15:51 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-10-30 12:21 . 2011-11-01 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-10-28 21:59 . 2011-10-28 21:59 154 ---ha-w- C:\aaw7boot.cmd
2011-10-28 20:34 . 2011-10-28 20:34 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-10-28 20:31 . 2011-10-28 14:43 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-10-28 20:30 . 2011-11-01 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-10-27 17:17 . 2011-10-27 17:17 -------- d-----w- c:\documents and settings\Milan\Application Data\Malwarebytes
2011-10-27 17:17 . 2011-10-27 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-21 17:46 . 2011-10-21 17:46 -------- d-----w- c:\documents and settings\Milan\Application Data\adma
2011-10-20 12:07 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 22:02 . 2011-06-12 18:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 21:17 . 2011-05-15 10:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 09:49 . 2011-07-14 14:47 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-09-13 09:49 . 2010-03-16 17:36 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-09-13 09:49 . 2010-03-16 17:36 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-09-13 09:49 . 2010-03-16 17:36 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-11-08 23:49 . 2011-05-21 12:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\system32\DRIVERS\atapi.sys
[-] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
.
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2004-08-03 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2002-08-30 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2002-08-30 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2004-08-03 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-03 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2004-08-03 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2002-08-30 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2002-08-30 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2004-08-03 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
[-] 2004-08-03 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
[-] 2004-08-03 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2004-08-03 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\netman.dll
[-] 2004-08-03 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2004-08-03 22:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[-] 2004-08-03 22:56 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
[-] 2004-08-03 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2004-08-03 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\rpcss.dll
[-] 2004-08-03 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rpcss.dll
.
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe
.
[-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
.
[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2004-08-03 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2004-08-03 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-03 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-03 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2002-08-30 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2004-08-03 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-03 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2004-08-03 22:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\es.dll
[-] 2004-08-03 22:56 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\es.dll
.
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
[-] 2004-08-03 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2004-08-03 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\system32\kernel32.dll
[-] 2004-08-03 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\kernel32.dll
.
[-] 2004-08-03 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-03 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
[-] 2004-08-03 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-08-03 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2002-08-30 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\mswsock.dll
[-] 2004-08-03 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\mswsock.dll
.
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-03 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
[-] 2004-08-03 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
[-] 2004-08-03 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
[-] 2004-08-03 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
[-] 2004-08-03 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2004-08-03 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-03 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2004-08-03 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-03 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2004-08-03 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-03 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
[-] 2004-08-03 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-03 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-08-03 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\ole32.dll
[-] 2004-08-03 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ole32.dll
.
[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
[-] 2004-08-03 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\dllcache\usp10.dll
.
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ReinstallBackups\0021\DriverFiles\i386\ksuser.dll
.
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2004-08-03 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\shsvcs.dll
[-] 2004-08-03 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\shsvcs.dll
.
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-03 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-03 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-03 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
[-] 2004-08-03 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-03 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-03 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2004-08-03 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-03 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-03 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2002-08-30 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\dllcache\aec.sys
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys
.
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-03 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2002-08-30 14:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
[-] 2002-08-30 14:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-03 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2004-08-03 22:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-03 22:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[-] 2004-08-03 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2004-08-03 22:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-03 22:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\upnphost.dll
[-] 2004-08-03 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-08-03 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
[-] 2004-08-03 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
[-] 2004-08-03 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2004-08-03 22:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
[-] 2004-08-03 22:56 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-03 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
[-] 2004-08-03 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\version.dll
.
[-] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
[-] 2004-08-03 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe
.
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
[-] 2004-08-03 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
[-] 2004-08-03 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2004-08-03 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-03 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2004-08-03 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
[-] 2004-08-03 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2004-08-03 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-03 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"MultiScreen"="c:\program files\MultiScreen\MultiScreen.exe" [2008-06-30 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-10-26 2345000]
"ASUS Update Checker"="c:\program files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe" [2008-12-11 114688]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-10-26 353992]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [16/03/2010 18:36 32008]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [02/11/2011 22:14 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [02/11/2011 22:14 69392]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [08/11/2011 20:13 17904]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [02/09/2011 01:19 22312]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [24/07/2010 01:10 202064]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [24/07/2010 01:10 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [24/07/2010 01:10 29272]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [08/11/2011 20:13 2979280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2010 17:35 136360]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [16/03/2010 18:36 6416120]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [24/07/2010 01:10 380784]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [16/03/2010 18:36 76696]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [16/03/2010 18:36 26096]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [02/11/2011 22:14 33552]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [15/02/2010 00:16 2134256]
R3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [06/03/2010 23:19 480128]
R3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\drivers\usbVM303.sys [06/03/2010 23:38 1472768]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [19/11/2010 13:28 38856]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/01/2011 22:23 136176]
S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [24/07/2010 01:10 3652696]
S3 avisfltr;avisfltr;c:\windows\system32\drivers\avisfltr.sys [11/11/2011 02:19 327368]
S3 cpuz134;cpuz134;\??\c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys --> c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/01/2011 22:23 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [31/10/2011 01:52 23624]
S3 IOCTLfuzzer;IOCTLfuzzer;\??\c:\windows\system32\drivers\IOCTLfuzzer.sys --> c:\windows\system32\drivers\IOCTLfuzzer.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7A.tmp --> c:\windows\system32\7A.tmp [?]
S3 Normandy;Normandy SR2; [x]
S3 protecter.sys;protecter.sys;\??\c:\documents and settings\Milan\Local Settings\temp\BDRemovalTool\protecter.sys --> c:\documents and settings\Milan\Local Settings\temp\BDRemovalTool\protecter.sys [?]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [06/11/2011 00:10 53248]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 21:22]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-04 21:22]
.
2011-11-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-602162358-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
2011-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-602162358-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 13:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://google.com
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\xq163d71.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 19:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7A.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329068152-602162358-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(456)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\ThreatFire\TFNI.dll
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(512)
c:\program files\ThreatFire\TFWAH.dll
.
Completion time: 2011-11-16 19:09:27
ComboFix-quarantined-files.txt 2011-11-16 18:09
.
Pre-Run: 193,049,391,104 bytes free
Post-Run: 194,650,738,688 bytes free
.
- - End Of File - - 9C0E72FF9DFC14A75EA48620AEB61694

== = = == = = == == == = == = =
I must admit 1 thing - I don't know how to turn off "Norton Internet Security" which is a part of WinXP SP2 that I am running. I tried a couple of tricks, but ComboFix gave me a warning that it is on and can interfere with results. (I tried the proposed suggestions, but my version is different.)
Anyway, ComboFix finished the job in about 60 steps. I'm sending you the log, but the problem still persists: I have this redirection from all browsers, sometimes Win Explorer crashes (more often than before), everything else is running, maybe slower, but I installed a lot of anti-spyware/malware software so this can also be a cause.

I will wait for your reply, but I don't see any special improvement (thanks for your efforts). I'm still thinking about a clean install & format, but I don't know if it will help, if it's the MBR or some similar bleep...

Waiting for your reply,

Perun
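Two of the checks a responder does by hand on a ComboFix log like the one above can be scripted. The block below is an added example, not ComboFix's own code and not something from this thread: it parses the file-verification lines (`[-] date . MD5 . size . . [version] . . path`) and reports any file whose `system32` copy hashes differently from its `dllcache` copy, and it parses the `R0`/`S3` driver and service lines and surfaces entries whose image path sits in a temp folder, is a `.tmp` file, or carries a `[?]`/`[x]` suffix (read here, as an assumption about ComboFix's notation, as "file not located on disk"). Both lists are review items, not verdicts: a hotfix can update one copy and not the other, and removal tools the poster ran leave exactly these kinds of orphaned driver entries behind. The sample log is constructed; the lines are taken from the post except the `services.exe` hash `0123456789ABCDEF0123456789ABCDEF`, which is invented to show a mismatch.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix's code)."""
import re

# [-] 2004-08-03 22:56 . <MD5> . <size> . . [<version>] . . <path>   (time optional)
FILE_RE = re.compile(
    r"^\[[^\]]*\]\s+\S+(?:\s+\d\d:\d\d)?\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# R0 name;description;image path [date time size]   or   ... --> path [?]
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")
SUSPECT_PATH = re.compile(r"\\temp\\|\.tmp$", re.IGNORECASE)


def parse_file_lines(log):
    """Yield (md5, size, version, lower-cased path) for each file-verification line."""
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            yield m["md5"].upper(), int(m["size"]), m["ver"], m["path"].lower()


def dllcache_mismatches(log):
    """[(basename, system32_md5, dllcache_md5)] where the two copies differ.

    WinSxS and ReinstallBackups copies are ignored on purpose: they are
    different versions and differ from system32 legitimately.
    """
    live, cache = {}, {}
    for md5, _size, _ver, path in parse_file_lines(log):
        parent, _, name = path.rpartition("\\")
        if parent.endswith("\\system32"):
            live[name] = md5
        elif parent.endswith("\\system32\\dllcache"):
            cache[name] = md5
    return sorted(
        (name, live[name], cache[name])
        for name in live.keys() & cache.keys()
        if live[name] != cache[name]
    )


def suspicious_services(log):
    """[(service name, start type, reason)] for driver/service lines worth a look."""
    out = []
    for line in log.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        rest, ann = m["rest"].strip(), ""
        if rest.endswith("]") and "[" in rest:          # trailing [date size] or [?]/[x]
            cut = rest.rfind("[")
            ann, rest = rest[cut:], rest[:cut].strip()
        img = rest.split(" --> ")[-1].strip()           # on-disk path after the arrow, if any
        reasons = []
        if ann in ("[?]", "[x]"):
            reasons.append("file not found on disk (%s)" % ann)
        if SUSPECT_PATH.search(img):
            reasons.append("temp or .tmp image path")
        if reasons:
            out.append((m["name"], m["start"], "; ".join(reasons)))
    return out


# Constructed sample: lines from the post, plus one invented services.exe hash.
SAMPLE_LOG = r"""
[-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe
[-] 2004-08-03 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2004-08-03 22:56 . 0123456789ABCDEF0123456789ABCDEF . 108032 . . [5.1.2600.2180] . . c:\windows\system32\services.exe
[-] 2004-08-03 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\services.exe
[-] 2004-08-03 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-03 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\dllcache\msvcrt.dll
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [16/03/2010 18:36 32008]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7A.tmp --> c:\windows\system32\7A.tmp [?]
S3 Normandy;Normandy SR2; [x]
S3 protecter.sys;protecter.sys;\??\c:\documents and settings\Milan\Local Settings\temp\BDRemovalTool\protecter.sys --> c:\documents and settings\Milan\Local Settings\temp\BDRemovalTool\protecter.sys [?]
"""

if __name__ == "__main__":
    for name, live, cache in dllcache_mismatches(SAMPLE_LOG):
        print("MISMATCH %-14s system32=%s dllcache=%s" % (name, live, cache))
    for name, start, why in suspicious_services(SAMPLE_LOG):
        print("REVIEW   %-14s %s  %s" % (name, start, why))
```

Run it against a whole ComboFix log (read the file into `log` instead of `SAMPLE_LOG`): in the post above every system32/dllcache pair matches, so only the driver list produces review items, and those line up with the removal tools the poster says he already ran.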

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2011 - 02:29 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Perun

Perun
  • Topic Starter

  • Members
  • 29 posts

Posted 16 November 2011 - 05:18 PM

Hello,
here's TDSSKiller log:

23:13:39.0031 5184 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
23:13:41.0046 5184 ============================================================
23:13:41.0062 5184 Current date / time: 2011/11/16 23:13:41.0046
23:13:41.0062 5184 SystemInfo:
23:13:41.0062 5184
23:13:41.0062 5184 OS Version: 5.1.2600 ServicePack: 2.0
23:13:41.0062 5184 Product type: Workstation
23:13:41.0062 5184 ComputerName: ORG-C1360C668BD
23:13:41.0062 5184 UserName: Milan
23:13:41.0062 5184 Windows directory: C:\WINDOWS
23:13:41.0062 5184 System windows directory: C:\WINDOWS
23:13:41.0062 5184 Processor architecture: Intel x86
23:13:41.0062 5184 Number of processors: 2
23:13:41.0062 5184 Page size: 0x1000
23:13:41.0062 5184 Boot type: Normal boot
23:13:41.0062 5184 ============================================================
23:13:45.0437 5184 Initialize success
23:14:06.0015 5824 ============================================================
23:14:06.0015 5824 Scan started
23:14:06.0015 5824 Mode: Manual;
23:14:06.0015 5824 ============================================================
23:14:07.0000 5824 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
23:14:07.0015 5824 A2DDA - ok
23:14:07.0109 5824 Abiosdsk - ok
23:14:07.0140 5824 abp480n5 - ok
23:14:07.0234 5824 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:14:07.0265 5824 ACPI - ok
23:14:07.0328 5824 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:14:07.0343 5824 ACPIEC - ok
23:14:07.0390 5824 adpu160m - ok
23:14:07.0437 5824 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:14:07.0468 5824 aec - ok
23:14:07.0531 5824 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
23:14:07.0546 5824 AFD - ok
23:14:07.0546 5824 Aha154x - ok
23:14:07.0578 5824 aic78u2 - ok
23:14:07.0609 5824 aic78xx - ok
23:14:07.0656 5824 AliIde - ok
23:14:07.0687 5824 amsint - ok
23:14:07.0718 5824 asc - ok
23:14:07.0750 5824 asc3350p - ok
23:14:07.0812 5824 asc3550 - ok
23:14:07.0906 5824 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
23:14:24.0718 5824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:14:24.0875 5824 \Device\Harddisk0\DR0 - ok
23:14:24.0875 5824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:14:24.0875 5824 \Device\Harddisk1\DR1 - ok
23:14:24.0875 5824 Boot (0x1200) (370944f34638502cb154654748560105) \Device\Harddisk0\DR0\Partition0
23:14:24.0875 5824 \Device\Harddisk0\DR0\Partition0 - ok
23:14:24.0906 5824 Boot (0x1200) (ac0e9ed15db8b706b6e1c6cc2d8cf05c) \Device\Harddisk0\DR0\Partition1
23:14:24.0906 5824 \Device\Harddisk0\DR0\Partition1 - ok
23:14:24.0906 5824 Boot (0x1200) (cd4addc8b4ae89f615a6539d02602032) \Device\Harddisk1\DR1\Partition0
23:14:24.0906 5824 \Device\Harddisk1\DR1\Partition0 - ok
23:14:24.0906 5824 ============================================================
23:14:24.0906 5824 Scan finished
23:14:24.0906 5824 ============================================================
23:14:24.0921 5908 Detected object count: 0
23:14:24.0921 5908 Actual detected object count: 0


==== = == = = = = == = == = == == == = =
As much as I can see (you know better, of course) it found nothing. I'm ready for any next steps you suggest; just curious what you think so far: is the curing process going on?

Thanks a lot, waiting for your instructions,

Perun

#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 November 2011 - 08:26 PM

Hello

Not much showing in the last report, but that doesn't mean we will not find it.

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Perun (Topic Starter)
  • Members
  • 29 posts

Posted 17 November 2011 - 01:18 PM

Hello,

here's the aswMBR report:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-17 18:52:58
-----------------------------
18:52:58.156 OS Version: Windows 5.1.2600 Service Pack 2
18:52:58.156 Number of processors: 2 586 0x170A
18:52:58.156 ComputerName: ORG-C1360C668BD UserName: Milan
18:52:58.593 Initialize success
18:53:05.218 AVAST engine defs: 11111702
18:53:25.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
18:53:25.343 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
18:53:25.359 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-13
18:53:25.359 Disk 1 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
18:53:27.390 Disk 0 MBR read successfully
18:53:27.406 Disk 0 MBR scan
18:53:27.453 Disk 0 Windows XP default MBR code
18:53:27.453 Disk 0 scanning sectors +1250242560
18:53:27.578 Disk 0 scanning C:\WINDOWS\system32\drivers
18:53:38.984 Service scanning
18:53:39.281 Service pxkbf C:\WINDOWS\System32\drivers\pxkbf.sys **LOCKED** 32
18:53:39.296 Service pxscan C:\WINDOWS\System32\drivers\pxscan.sys **LOCKED** 32
18:53:39.859 Modules scanning
18:53:44.609 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
18:53:44.640 Disk 0 trace - called modules:
18:53:44.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:53:44.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df0ab8]
18:53:44.687 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\00000079[0x89e133a8]
18:53:44.703 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89e10d98]
18:53:45.125 AVAST engine scan C:\WINDOWS
18:53:54.562 AVAST engine scan C:\WINDOWS\system32
18:55:49.625 AVAST engine scan C:\WINDOWS\system32\drivers
18:56:10.671 AVAST engine scan C:\Documents and Settings\Milan
18:59:17.703 AVAST engine scan C:\Documents and Settings\All Users
19:00:15.343 Scan finished successfully
19:01:55.953 Disk 0 MBR has been saved successfully to "E:\Pokrajac\Instalacije\AntivirusFirewallEtc\AntiSpyware\asWMBR AVAST\MBR.dat"
19:01:55.984 The log file has been saved successfully to "E:\Pokrajac\Instalacije\AntivirusFirewallEtc\AntiSpyware\asWMBR AVAST\aswMBR.txt"

===== == == == =
I must say I used this tool before, and sent the
18:53:44.609 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
file to online analysis; everything was OK.


Also, the locked files pxkbf.sys and pxscan.sys are parts of the free Prevx that I have installed, though on their site you can find that it is a virus?!?!

Anyway, thanks for your patience & help.
Waiting for further instructions,

Perun

#11 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 November 2011 - 11:35 PM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#12 Perun (Topic Starter)
  • Members
  • 29 posts

Posted 18 November 2011 - 08:31 AM

Hello,

I started fixTDSS and after the reset the answer was "Backdoor.TidServ has not been found on you computer".
Then, after the restart, I scanned with aswMBR and here is the log file:

swMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-18 14:13:50
-----------------------------
14:13:50.890 OS Version: Windows 5.1.2600 Service Pack 2
14:13:50.890 Number of processors: 2 586 0x170A
14:13:50.890 ComputerName: ORG-C1360C668BD UserName: Milan
14:13:52.078 Initialize success
14:13:57.765 AVAST engine defs: 11111702
14:14:06.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
14:14:06.718 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
14:14:06.734 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-13
14:14:06.734 Disk 1 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
14:14:08.750 Disk 0 MBR read successfully
14:14:08.750 Disk 0 MBR scan
14:14:08.781 Disk 0 Windows XP default MBR code
14:14:08.781 Disk 0 scanning sectors +1250242560
14:14:08.890 Disk 0 scanning C:\WINDOWS\system32\drivers
14:14:17.312 Service scanning
14:14:17.546 Service pxkbf C:\WINDOWS\System32\drivers\pxkbf.sys **LOCKED** 32
14:14:17.562 Service pxscan C:\WINDOWS\System32\drivers\pxscan.sys **LOCKED** 32
14:14:18.109 Modules scanning
14:14:20.390 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
14:14:20.406 Disk 0 trace - called modules:
14:14:20.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:14:20.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89df0ab8]
14:14:20.453 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\00000079[0x89e00948]
14:14:20.468 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x89dfcd98]
14:14:20.921 AVAST engine scan C:\WINDOWS
14:14:26.265 AVAST engine scan C:\WINDOWS\system32
14:15:39.859 AVAST engine scan C:\WINDOWS\system32\drivers
14:15:51.890 AVAST engine scan C:\Documents and Settings\Milan
14:18:23.140 AVAST engine scan C:\Documents and Settings\All Users
14:19:04.390 Scan finished successfully
14:19:36.531 Disk 0 MBR has been saved successfully to "E:\Pokrajac\Instalacije\AntivirusFirewallEtc\AntiSpyware\asWMBR AVAST\MBR.dat"
14:19:36.562 The log file has been saved successfully to "E:\Pokrajac\Instalacije\AntivirusFirewallEtc\AntiSpyware\asWMBR AVAST\aswMBR.txt"

=== = = = = = = == = =
Unfortunately, the redirection mentioned at the beginning still remains, and Win Explorer seems to crash more than at the beginning of the infection.
As much as I can see (I'm not an expert), the logs remain pretty much the same.
I'm expecting your instructions (ready for further cooperation), but would also like your opinion: are there any chances to cure this monster, i.e. have you had similar experiences? I lost a lot of time on surfing, but normally people get infected with classic Google redirection malware (this is obviously not my case), but something exists.

Thanks again for your great effort,

Perun

#13 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 November 2011 - 08:52 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

        :filefind
        ntdll.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 Perun (Topic Starter)
  • Members
  • 29 posts

Posted 18 November 2011 - 10:40 AM

Hello,

the log of SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:40 on 18/11/2011 by Milan
Administrator - Elevation successful

========== filefind ==========

Searching for "ntdll.dll"
C:\cmdcons\system32\ntdll.dll -ra---- 708096 bytes [11:28 31/10/2011] [22:56 03/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\system32\ntdll.dll --a---- 708096 bytes [22:56 03/08/2004] [22:56 03/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\system32\dllcache\ntdll.dll --a--c- 708096 bytes [22:56 03/08/2004] [22:56 03/08/2004] BB5CBFFC096497506167BCE1D9690EF2

-= EOF =-
====== ====

Hope this helps.

Thanks again and best rgds,
Perun
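To show what the `:filefind` check in the post above is for, here is an added example (mine, not SystemLook's code and not anything posted in this thread) that parses that log format and compares the MD5 of the live copy of a file in `\WINDOWS\system32` with the reference copies Windows keeps in `dllcache` and the Recovery Console folder `cmdcons`. The three `ntdll.dll` entries are the ones from the log above; the `example.dll` entries, their sizes and their hashes are constructed to show what a mismatch looks like.

```python
"""Parse SystemLook ':filefind' output and compare the copies of each file.

Added example, not SystemLook's own code. Each hit line in the log is:
  <path> <attributes> <size> bytes [<created>] [<modified>] <MD5>
The check below groups hits by file name and reports whether the copy that is
actually loaded (directly under \WINDOWS\system32) has the same MD5 as the
reference copies in dllcache and cmdcons.
"""
import re
from dataclasses import dataclass

# Constructed sample in the format of the log posted above. The ntdll.dll lines
# are taken from that log; the example.dll lines and their hashes are made up
# to show a mismatch between the live copy and the dllcache copy.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 16:40 on 18/11/2011 by Milan
Administrator - Elevation successful

========== filefind ==========

Searching for "ntdll.dll"
C:\cmdcons\system32\ntdll.dll -ra---- 708096 bytes [11:28 31/10/2011] [22:56 03/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\system32\ntdll.dll --a---- 708096 bytes [22:56 03/08/2004] [22:56 03/08/2004] BB5CBFFC096497506167BCE1D9690EF2
C:\WINDOWS\system32\dllcache\ntdll.dll --a--c- 708096 bytes [22:56 03/08/2004] [22:56 03/08/2004] BB5CBFFC096497506167BCE1D9690EF2

Searching for "example.dll"
C:\WINDOWS\system32\example.dll --a---- 12345 bytes [10:00 01/11/2011] [10:00 01/11/2011] 00000000000000000000000000000001
C:\WINDOWS\system32\dllcache\example.dll --a--c- 12288 bytes [22:56 03/08/2004] [22:56 03/08/2004] 00000000000000000000000000000002

-= EOF =-
"""

# One filefind hit: drive path, 7-char attribute string, size, two bracketed
# timestamps, 32 hex digits of MD5. Whitespace between fields may be tabs or spaces.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<attrs>[-a-z]{7})\s+"
    r"(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_live_copy(self) -> bool:
        # The copy loaded at runtime sits directly in system32; dllcache and
        # cmdcons (a different root) hold reference copies.
        p = self.path.lower()
        return "\\windows\\system32\\" in p and "\\dllcache\\" not in p


def parse_filefind(log_text: str) -> list:
    """Return every hit line in the log as a Hit; header/footer lines are skipped."""
    hits = []
    for raw in log_text.splitlines():
        m = HIT_RE.match(raw.strip())
        if m:
            hits.append(Hit(path=m["path"], attrs=m["attrs"], size=int(m["size"]),
                            created=m["created"], modified=m["modified"],
                            md5=m["md5"].upper()))
    return hits


def assess(hits: list) -> dict:
    """Per file name: number of copies, distinct hashes/sizes, and whether the
    live copy matches every reference copy. Identical hashes only show the copies
    agree with each other, not that the file is the genuine one."""
    by_name: dict = {}
    for h in hits:
        by_name.setdefault(h.name, []).append(h)
    report = {}
    for name, copies in by_name.items():
        hashes = {h.md5 for h in copies}
        sizes = {h.size for h in copies}
        live = [h for h in copies if h.is_live_copy]
        refs = [h for h in copies if not h.is_live_copy]
        live_ok = bool(live) and bool(refs) and all(
            l.md5 == r.md5 for l in live for r in refs)
        report[name] = {
            "copies": len(copies),
            "distinct_hashes": len(hashes),
            "distinct_sizes": len(sizes),
            "live_matches_reference": live_ok,
            "verdict": "consistent" if len(hashes) == 1 else "MISMATCH",
        }
    return report


if __name__ == "__main__":
    for name, info in assess(parse_filefind(SAMPLE_LOG)).items():
        print(f"{name}: {info}")
```

A mismatch means the live copy differs from the system's own reference copies and should be compared with a known-clean file of the same version; an all-consistent result still needs the hash checked against a trusted source, which is what sending the file for online analysis does.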

#15 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 November 2011 - 09:27 PM

Try this please. You will also need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB & CD and insert them into the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.
