Google Redirect to Info Mash


22 replies to this topic

#1 SportsGeek85 (Members, 13 posts)

Posted 28 December 2011 - 07:34 PM

Hi guys, I'm new to the website, but I've been reading around and have discovered that others have had the same problem as me, which is that Google keeps redirecting me to sites like Info Mash, and others, instead of taking me to the intended website. I read the piece of advice that I should install Malwarebytes and run a Quick Scan, which I have done, but I don't know what to do after that. Could someone help me please?


#2 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 28 December 2011 - 07:43 PM

In addition, here is the log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Hari :: HARI-PC [administrator]

12/28/2011 7:28:40 PM
mbam-log-2011-12-28 (19-28-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173511
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

It says it deleted the trojan, but do I need to take additional precautions?

#3 Broni (BC Advisor, 42,699 posts, Daly City, CA)

Posted 28 December 2011 - 09:50 PM

Welcome aboard

Is the redirection still present after running MBAM?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click the donate button.


#4 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 29 December 2011 - 09:04 AM

Yes the redirection is still present.

Edited by SportsGeek85, 29 December 2011 - 09:06 AM.


#5 Broni (BC Advisor, 42,699 posts, Daly City, CA)

Posted 29 December 2011 - 11:53 AM

Let's run a couple more scans.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#6 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 29 December 2011 - 02:35 PM

This is the Security Check document:


Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java DB 10.5.3.0
Java™ 6 Update 24
Java™ SE Development Kit 6 Update 21
Out of date Java installed!
Adobe Flash Player 11.0.1.152
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#7 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 29 December 2011 - 02:36 PM

This is the MiniToolBox document:


MiniToolBox by Farbar
Ran by Hari (administrator) on 29-12-2011 at 14:34:18
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Hari-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-1B-FC-DF-E9-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1807:966c:7be7:8854%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 28, 2011 6:59:16 PM
Lease Expires . . . . . . . . . . : Friday, December 30, 2011 6:59:16 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234888188
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-A3-70-DA-00-1B-FC-DF-E9-7B
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{93734F00-54FD-449F-9E16-EA497FD1DF91}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:28e6:372a:b388:8c07(Preferred)
Link-local IPv6 Address . . . . . : fe80::28e6:372a:b388:8c07%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.113.104
74.125.113.103
74.125.113.105
74.125.113.147
74.125.113.106
74.125.113.99


Pinging google.com [74.125.113.105] with 32 bytes of data:
Reply from 74.125.113.105: bytes=32 time=55ms TTL=49
Reply from 74.125.113.105: bytes=32 time=57ms TTL=49

Ping statistics for 74.125.113.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 57ms, Average = 56ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=100ms TTL=50
Reply from 72.30.2.43: bytes=32 time=100ms TTL=50

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 100ms, Maximum = 100ms, Average = 100ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 1b fc df e9 7b ......Intel® PRO/100 VE Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:28e6:372a:b388:8c07/128 On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
10 276 fe80::1807:966c:7be7:8854/128 On-link
11 306 fe80::28e6:372a:b388:8c07/128 On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2011 11:47:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x0003af6c
Faulting process id: 0x1af4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/07/2011 09:12:39 PM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (12/07/2011 09:12:39 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (11/26/2011 10:43:06 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will rename 21 Hari’s\032Library._home-sharing._tcp.local. SRV 0 0 3689 Hari-PC.local.

Error: (11/26/2011 10:43:06 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.18:5353 271 Hari’s\032Library._home-sharing._tcp.local. TXT txtvers=1¦hQ=105¦dmv=131080¦iTSh Version=196616¦MID=0xB4344D47103440DB¦PrVs=65538¦Database ID=72E

Error: (11/14/2011 08:35:35 PM) (Source: Application Hang) (User: )
Description: The program Photoshop.exe version 10.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5d0

Start Time: 01cca335ee6a4765

Termination Time: 89

Application Path: C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

Report Id: 1599d84e-0f2a-11e1-85d2-001bfcdfe97b

Error: (09/19/2011 06:04:10 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 6.0.2.4262 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cc0

Start Time: 01cc76bbbe780c50

Termination Time: 0

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 1458dc2b-e2af-11e0-82ab-001bfcdfe97b

Error: (09/05/2011 07:03:08 PM) (Source: ESENT) (User: )
Description: WinMail (744) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (08/23/2011 07:06:22 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 6.0.0.4240 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1200

Start Time: 01cc618cb10ee8fe

Termination Time: 31

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 32635e4a-cd80-11e0-84e7-001bfcdfe97b

Error: (08/15/2011 10:03:52 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 5.0.0.4183 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ebc

Start Time: 01cc5ba6e424d67a

Termination Time: 98

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 48570c0b-c7b4-11e0-8502-001bfcdfe97b


System errors:
=============
Error: (12/21/2011 05:46:34 AM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (12/13/2011 08:12:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/13/2011 08:12:28 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/13/2011 08:12:27 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/13/2011 08:12:27 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/13/2011 08:12:26 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (12/09/2011 09:48:49 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address CC-5D-4E-31-76-BC. Network operations on this system may
be disrupted as a result.

Error: (12/09/2011 07:36:18 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address CC-5D-4E-31-76-BC. Network operations on this system may
be disrupted as a result.

Error: (12/03/2011 02:10:29 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (12/01/2011 01:05:30 PM) (Source: NetBT) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.29.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.


Microsoft Office Sessions:
=========================
Error: (11/26/2011 11:16:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30933 seconds with 720 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Torrent (Version: 2.2.0)
32 Bit HP CIO Components Installer (Version: 7.1.8)
6300 (Version: 130.0.365.000)
6300_Help (Version: 82.0.242.000)
6300Trb (Version: 82.0.242.000)
Action Replay Code Manager
Adobe AIR (Version: 2.0.2.12610)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Digital Editions
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
CCleaner (Version: 3.13)
Copy (Version: 130.0.428.000)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DivX Setup (Version: 2.3.0.20)
DocProc (Version: 13.0.0.0)
Download Updater (AOL LLC)
Fax (Version: 130.0.418.000)
Free YouTube to MP3 Converter version 3.9.40.602
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.006.003)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1912)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.3.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 24 (Version: 6.0.240)
Java™ SE Development Kit 6 Update 21 (Version: 1.6.0.210)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Mathematics (Version: 4.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network (Version: 130.0.572.000)
Norton Security Suite (Version: 4.4.0.12)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
PDF Settings (Version: 1.0)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Rosetta Stone Version 3 (Version: 3.4.5.0)
SAMSUNG PC Share Manager (Version: 4.0)
Scan (Version: 140.0.80.000)
SDFormatter (Version: 3.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 140.0.186.000)
Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
swMSM (Version: 12.0.0.1)
TI-Nspire CAS Student Software (Version: 3.1.0.392)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Uninstall 1.0.0.1
UnloadSupport (Version: 11.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veetle TV 0.9.17 (Version: 0.9.17)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 2038.46 MB
Available physical RAM: 876.66 MB
Total Pagefile: 4076.93 MB
Available Pagefile: 2458.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.03 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:289.26 GB) (Free:213.36 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:8.83 GB) (Free:1.01 GB) NTFS
3 Drive e: (TINspireStudent) (CDROM) (Total:0.5 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\HARI-PC

Administrator Guest Hari


**** End of log ****
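The MiniToolBox sections Broni asked for (proxy settings, hosts file, IP configuration, Winsock entries) are where a search redirect usually leaves a trace. Below is an added Python example, mine and not MiniToolBox's code or anything from the post, that parses a report in the format pasted above and flags the usual indicators: a proxy that is enabled, any uncommented hosts entry other than localhost, DNS servers outside the local subnet, and Winsock providers that are not Microsoft's. CLEAN is a trimmed excerpt modelled on this report; HIJACKED is a constructed counterpart with invented values (RFC 5737 addresses, a made-up wsphook.dll) so that each check has something to fire on. The wording of an enabled-proxy line is assumed, since the report above only shows the disabled case. Run against the excerpt, it finds nothing on the proxy, hosts or DNS side; the only third-party Winsock entry is Apple's Bonjour name-space provider, which is expected on a machine with iTunes installed.

```python
# Added example for this thread (not MiniToolBox's code and not from the post above):
# triage a MiniToolBox report for the redirect indicators the helper asked for.
# Record formats follow the pasted log; the wording of an *enabled* proxy line is assumed.
from __future__ import annotations

import re
from ipaddress import ip_address, ip_network

BANNER = re.compile(r"^=+\s+(\S.*?)\s*:?\s*=+$")                       # "==== Name: ===="
FIELD = re.compile(r"^(?P<key>[A-Za-z][^.:]*?)[ .]*:\s*(?P<val>.*)$")   # "Key . . . : value"
WINSOCK = re.compile(r"^Catalog[59]\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<pub>.*)\)$")
TRUSTED = {"Microsoft Corporation", "Microsoft Corp."}
HOSTS_OK = {"localhost", "localhost.localdomain", "broadcasthost"}

# Trimmed excerpt modelled on the report above.
CLEAN = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
# ::1 localhost
========================= IP Configuration: ================================
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
DNS Servers . . . . . . . . . . . : 192.168.1.1
========================= Winsock entries =====================================
Catalog5 09 C:\\Program Files\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [232448] (Microsoft Corporation)
"""
# Constructed counterpart: invented values (RFC 5737 addresses) that trip each check.
HIJACKED = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
========================= Hosts content: =================================
203.0.113.7 www.google.com
========================= IP Configuration: ================================
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
DNS Servers . . . . . . . . . . . : 203.0.113.53
========================= Winsock entries =====================================
Catalog9 19 C:\\Users\\Hari\\AppData\\Local\\Temp\\wsphook.dll [40960] ()
"""

def split_sections(report: str) -> dict[str, list[str]]:
    """Map each banner name to the (stripped) lines that follow it."""
    sections: dict[str, list[str]] = {}
    current = None
    for line in report.splitlines():
        if m := BANNER.match(line.strip()):
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def check_proxy(lines: list[str]) -> list[tuple[str, str]]:
    # A proxy the user never set is one of the classic search-redirect mechanisms.
    return [("warn", f"proxy configured: {t}") for t in lines
            if t.lower().startswith("proxy is enabled")
            or ("proxy server" in t.lower() and not t.lower().startswith("no proxy server"))]

def check_hosts(lines: list[str]) -> list[tuple[str, str]]:
    # Any uncommented mapping other than localhost needs an explanation.
    out = []
    for t in lines:
        parts = t.split("#", 1)[0].split()
        out += [("warn", f"hosts maps {n} -> {parts[0]}") for n in parts[1:] if n.lower() not in HOSTS_OK]
    return out

def check_dns(lines: list[str]) -> list[tuple[str, str]]:
    # Off-LAN resolvers are normal for ISP DNS, but also exactly what a DNS changer sets.
    fields: dict[str, str] = {}
    for t in lines:
        if m := FIELD.match(t):  # first adapter wins; only the first "DNS Servers" row is read
            fields.setdefault(m.group("key").strip(), re.sub(r"\(.*?\)", "", m.group("val")).strip())
    if "IPv4 Address" not in fields or "Subnet Mask" not in fields:
        return [("review", "no IPv4 address/mask in report; cannot judge DNS placement")]
    lan = ip_network(f"{fields['IPv4 Address']}/{fields['Subnet Mask']}", strict=False)
    return [("review", f"DNS server {s} is outside {lan}; confirm it is your ISP's or your own choice")
            for s in fields.get("DNS Servers", "").split() if ip_address(s) not in lan]

def check_winsock(lines: list[str]) -> list[tuple[str, str]]:
    # Third-party LSPs/NSPs are often legitimate (Bonjour above), but a provider DLL
    # under a user profile or with no publisher is the LSP-hijack pattern.
    out = []
    for m in filter(None, map(WINSOCK.match, lines)):
        path, pub = m.group("path"), m.group("pub")
        if pub not in TRUSTED:
            sev = "warn" if not pub or "\\users\\" in path.lower() else "review"
            out.append((sev, f"third-party Winsock provider: {path} ({pub or 'no publisher'})"))
    return out

def triage(report: str) -> list[tuple[str, str]]:
    s = split_sections(report)
    return (check_proxy(s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", []))
            + check_hosts(s.get("Hosts content", []))
            + check_dns(s.get("IP Configuration", []))
            + check_winsock(s.get("Winsock entries", [])))
```

Call `triage(CLEAN)` and `triage(HIJACKED)` to compare the two. A "review" finding is a question to ask, not a verdict: a DNS server outside the LAN is how most ISP-assigned resolvers look, and even a "warn" on the hosts file still needs the entry's origin established before anything is cleaned.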

#8 Broni (BC Advisor, 42,699 posts, Daly City, CA)

Posted 29 December 2011 - 02:49 PM

...and GMER....


#9 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 29 December 2011 - 04:16 PM

GMER is still running (posting this message from a roommate's computer). Thanks for helping so far!

#10 Broni (BC Advisor, 42,699 posts, Daly City, CA)

Posted 29 December 2011 - 04:26 PM

No problem :)


#11 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 29 December 2011 - 08:50 PM

It's been about 6.5 hours since I started the GMER scan, and it's not done yet. Is this normal?

#12 Broni (BC Advisor, 42,699 posts, Daly City, CA)

Posted 29 December 2011 - 08:56 PM

In some cases it takes a while.


#13 SportsGeek85 (Topic Starter; Members, 13 posts)

Posted 30 December 2011 - 06:14 AM

And finally GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-30 06:10:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332082 rev.3.CH
Running: j4viz02x.exe; Driver: C:\Users\Hari\AppData\Local\Temp\kwldipod.sys


---- System - GMER 1.0.15 ----

SSDT 86E64250 ZwAlertResumeThread
SSDT 86E6F750 ZwAlertThread
SSDT 86F73EB0 ZwAllocateVirtualMemory
SSDT 86AD0B58 ZwAlpcConnectPort
SSDT 86EA9D10 ZwAssignProcessToJobObject
SSDT 86F73538 ZwCreateMutant
SSDT 86FA8D48 ZwCreateSymbolicLinkObject
SSDT 86FBC490 ZwCreateThread
SSDT 86FA8E18 ZwCreateThreadEx
SSDT 86EA5AE0 ZwDebugActiveProcess
SSDT 86FBC1D8 ZwDuplicateObject
SSDT 86F73D10 ZwFreeVirtualMemory
SSDT 86E7DE98 ZwImpersonateAnonymousToken
SSDT 86E7C290 ZwImpersonateThread
SSDT 86A40CC8 ZwLoadDriver
SSDT 86F73C30 ZwMapViewOfSection
SSDT 86E7DF90 ZwOpenEvent
SSDT 86FBC378 ZwOpenProcess
SSDT 86E4B930 ZwOpenProcessToken
SSDT 86EA59A8 ZwOpenSection
SSDT 86FBC2A8 ZwOpenThread
SSDT 86FA8EF8 ZwProtectVirtualMemory
SSDT 86E6F4F0 ZwResumeThread
SSDT 86E5E628 ZwSetContextThread
SSDT 86F73AD8 ZwSetInformationProcess
SSDT 86EA5F90 ZwSetSystemInformation
SSDT 86EA5D58 ZwSuspendProcess
SSDT 86E5E760 ZwSuspendThread
SSDT 86E4BED0 ZwTerminateProcess
SSDT 86E5EA10 ZwTerminateThread
SSDT 86E5E898 ZwUnmapViewOfSection
SSDT 86F73DE0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C3E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C77D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82C7ED90 8 Bytes [50, 42, E6, 86, 50, F7, E6, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C7EDA8 4 Bytes [B0, 3E, F7, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C7EDB4 4 Bytes [58, 0B, AD, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C7EE08 4 Bytes [10, 9D, EA, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C7EE84 4 Bytes [38, 35, F7, 86]
.text ...
? System32\Drivers\spog.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9D244DB9 5 Bytes JMP 86F841D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88A46042] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88A466D6] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88A46800] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88A4613E] \SystemRoot\System32\Drivers\spog.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74682437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74665600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746656BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746824B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74678514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74674CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7467506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74675144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74676671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7467826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746787BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7467901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7467E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74674BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E6E1F8
Device \Driver\volmgr \Device\VolMgrControl 84E691F8
Device \Driver\usbuhci \Device\USBPDO-0 86F9D1F8
Device \Driver\usbuhci \Device\USBPDO-1 86F9D1F8
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 86F9D1F8
Device \Driver\usbuhci \Device\USBPDO-3 86F9D1F8
Device \Driver\usbehci \Device\USBPDO-4 86F9E1F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\volmgr \Device\HarddiskVolume1 84E691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 84E691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 869101F8
Device \Driver\iaStorV \Device\Ide\iaStor0 84E6B1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E6C1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-0 84E6B1F8
Device \Driver\iaStorV \Device\Ide\IAAStorageDevice-1 84E6B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84E691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 869101F8
Device \Driver\volmgr \Device\HarddiskVolume4 84E691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 84E691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume6 84E691F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86B301F8
Device \Driver\USBSTOR \Device\00000077 87AFE1F8
Device \Driver\USBSTOR \Device\00000079 87AFE1F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 86F9D1F8
Device \Driver\USBSTOR \Device\0000007a 87AFE1F8
Device \Driver\usbuhci \Device\USBFDO-1 86F9D1F8
Device \Driver\USBSTOR \Device\0000007b 87AFE1F8
Device \Driver\usbuhci \Device\USBFDO-2 86F9D1F8
Device \Driver\USBSTOR \Device\0000007c 87AFE1F8
Device \Driver\usbuhci \Device\USBFDO-3 86F9D1F8
Device \Driver\usbehci \Device\USBFDO-4 86F9E1F8
Device \FileSystem\cdfs \Cdfs 87B391F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x5C 0xE7 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA4 0x15 0x68 0x3A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0x52 0x06 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x5C 0xE7 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA4 0x15 0x68 0x3A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x89 0x52 0x06 0xA3 ...

---- EOF - GMER 1.0.15 ----
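Added example, not part of the thread or of GMER itself: a small parser for the "Kernel IAT/EAT" and "User IAT/EAT" sections of a GMER log that flags imports resolved into a module other than the one that exports them (as the atapi.sys -> spog.sys lines above are). The sample log is constructed, modelled on the lines posted in this thread; such a redirect is a triage signal to look at the target driver, not proof of infection on its own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the GMER log posted above (not the full log).
SAMPLE_LOG = r"""
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88A46042] \SystemRoot\System32\Drivers\spog.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88A466D6] \SystemRoot\System32\Drivers\spog.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1372] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74682437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
"""

# One GMER IAT line: importer [exporter!function] [address] resolved-target (optional description)
_IAT_RE = re.compile(
    r"^IAT\s+(?P<importer>.+?)\s*\[(?P<exporter>[^\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
_SECTION_RE = re.compile(r"^----\s+(?P<name>.+?)\s+-\s+GMER")

def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

@dataclass
class IatEntry:
    section: str
    importer: str
    exporter: str
    func: str
    addr: str
    target: str

    def is_redirected(self) -> bool:
        # The import should resolve into the module that exports it; a different
        # target module (ataport.SYS -> spog.sys) means something sits in between.
        return _basename(self.exporter) != _basename(self.target)

def parse_gmer_iat(text: str) -> list[IatEntry]:
    entries, section = [], ""
    for line in text.splitlines():
        sec = _SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = _IAT_RE.match(line)
        if m:
            entries.append(IatEntry(section, m["importer"], m["exporter"],
                                    m["func"], m["addr"], m["target"]))
    return entries

def redirected_imports(text: str) -> list[IatEntry]:
    """Entries whose resolved target is not the exporting module."""
    return [e for e in parse_gmer_iat(text) if e.is_redirected()]

if __name__ == "__main__":
    for e in redirected_imports(SAMPLE_LOG):
        print(f"[{e.section}] {e.exporter}!{e.func} -> {e.target}")
```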

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 30 December 2011 - 01:16 PM

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#15 SportsGeek85

SportsGeek85
  • Topic Starter

  • Members
  • 13 posts

Posted 30 December 2011 - 01:46 PM

aswMBR Log


aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2011-12-30 13:31:02
-----------------------------
13:31:02.327 OS Version: Windows 6.1.7601 Service Pack 1
13:31:02.327 Number of processors: 2 586 0xF02
13:31:02.330 ComputerName: HARI-PC UserName: Hari
13:31:05.064 Initialize success
13:31:51.086 AVAST engine defs: 11123000
13:32:33.402 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:32:33.406 Disk 0 Vendor: ST332082 3.CH Size: 305245MB BusType: 8
13:32:33.431 Disk 0 MBR read successfully
13:32:33.436 Disk 0 MBR scan
13:32:33.488 Disk 0 Windows 7 default MBR code
13:32:33.495 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296198 MB offset 63
13:32:33.560 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9044 MB offset 606614400
13:32:33.606 Disk 0 scanning sectors +625137345
13:32:33.679 Disk 0 scanning C:\Windows\system32\drivers
13:33:03.877 Service scanning
13:33:05.242 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:33:05.968 Modules scanning
13:33:14.798 Disk 0 trace - called modules:
13:33:14.827 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85d221f8]<<
13:33:14.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867eb030]
13:33:14.849 3 CLASSPNP.SYS[8965459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d6b028]
13:33:14.860 \Driver\iaStorV[0x85d67c68] -> IRP_MJ_CREATE -> 0x85d221f8
13:33:15.778 AVAST engine scan C:\Windows
13:33:19.695 AVAST engine scan C:\Windows\system32
13:37:57.737 AVAST engine scan C:\Windows\system32\drivers
13:38:14.591 AVAST engine scan C:\Users\Hari
13:46:16.654 Disk 0 MBR has been saved successfully to "C:\Users\Hari\Desktop\MBR.dat"
13:46:16.672 The log file has been saved successfully to "C:\Users\Hari\Desktop\aswMBR.txt"



