Persistent Search Redirects


This topic is locked
24 replies to this topic

#1 Mockup (Members, 32 posts)

Posted 10 April 2012 - 03:32 PM

Searches are consistently redirected to many different suspect sites. This happens in Google and Yahoo and in IE and Chrome. I have done a boot scan and a normal scan in Avast and scans in Malwarebytes. They have removed some threats but the problem persists. The machine is otherwise behaving normally as far as I can tell.

When I clicked on gmer.exe I got an error message consisting of a string of characters followed by "cannot create a stable subkey under a volatile parent key". I clicked OK and the Gmer interface came up with most of the boxes grayed out and uncheckable. I have posted the log I was able to generate.


Thanks in Advance.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by PM at 15:45:32 on 2012-04-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3031.2132 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\BPowMon\BPowMon.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\GFI\GFIBAC~1\GFIAgent.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [GFI Backup 2009 - Home Edition] "c:\progra~1\gfi\gfibac~1\GFIAgent.exe"
uRun: [Google Update] "c:\documents and settings\pm\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276266379062
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: DhcpNameServer = 192.168.10.2 66.43.68.25 68.237.168.12
TCP: Interfaces\{27F6CE3F-7C82-443B-92D4-3A284DE2B57F} : NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{27F6CE3F-7C82-443B-92D4-3A284DE2B57F} : DhcpNameServer = 192.168.10.2 66.43.68.25 68.237.168.12
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-9 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-4-9 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-4-9 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-4-9 44768]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\broadcom\bpowmon\BPowMon.exe [2009-8-17 79168]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\gfi\gfibac~1\GFIHInst.exe [2010-6-11 590632]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\gfi\gfibac~1\GFIHSC~1.EXE [2010-6-11 2324848]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-6 47640]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-5-20 213544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-20 57248]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-20 1684736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-04-10 17:52:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 15:46:49 711240 ----a-w- c:\windows\isRS-000.tmp
2012-04-10 15:23:44 -------- d-----w- c:\documents and settings\pm\local settings\application data\Google
2012-04-09 14:49:48 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-09 14:49:28 41184 ----a-w- c:\windows\avastSS.scr
2012-04-09 14:49:15 -------- d-----w- c:\program files\AVAST Software
2012-04-09 14:49:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2012-04-10 17:52:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 14:09:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 14:09:01 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-07 14:09:01 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 14:09:01 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-17 19:40:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 15:51:47.20 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-10 16:10:47
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PM\LOCALS~1\Temp\uxtdypow.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\KHZDV8QD\ar_160_600[8].htm 807 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\KHZDV8QD\ar_728_90CAN0HFVQ.htm 805 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\KHZDV8QD\298841[1].html 0 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\KHZDV8QD\cm[1].gif 42 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\NUXL75HZ\PolandSpring_160x600_2011_2B[1].swf 40479 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\NUXL75HZ\298841[1].html 0 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\NUXL75HZ\img[3].gif 49 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\NUXL75HZ\text_group[11].php 0 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\PWLFSHY0\text_group[9].php 0 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\PWLFSHY0\AdDisplayTrackerServlet[1].htm 0 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\PWLFSHY0\isolate[2].html 694 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\PWLFSHY0\PA_NayaBubbles_728x90_120320_JD[1].swf 0 bytes
File C:\Documents and Settings\PM\Local Settings\Temporary Internet Files\Content.IE5\PWLFSHY0\pc[1] 43 bytes

---- EOF - GMER 1.0.15 ----
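Added here as an illustration (not code from the thread, the DDS tool, or its authors): a small Python triage script that reads the "Pseudo HJT Report" section in the layout DDS printed above and flags the two entries a responder would check first, a BHO registered with no DLL on disk and an interface whose static NameServer differs from the DHCP-assigned servers. The sample input is constructed from lines of the log posted in this thread.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Flags browser add-ons (BHO/TB) whose DLL is gone ('No File') and
per-interface static NameServer values that differ from what DHCP handed out.
Both are prompts for a closer look, not verdicts.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TCP: DhcpNameServer = 192.168.10.2 66.43.68.25 68.237.168.12
TCP: Interfaces\{27F6CE3F-7C82-443B-92D4-3A284DE2B57F} : NameServer = 8.8.8.8,4.2.2.2
TCP: Interfaces\{27F6CE3F-7C82-443B-92D4-3A284DE2B57F} : DhcpNameServer = 192.168.10.2 66.43.68.25 68.237.168.12
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-4-9 612184]
"""

# DDS separates sections with lines like "===== Title =====".
SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
# "BHO: <name>: {CLSID} - <path>"  (the name is absent for orphaned entries)
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
# "TCP: DhcpNameServer = ..." or "TCP: Interfaces\{GUID} : NameServer = ..."
TCP_RE = re.compile(
    r"^TCP: (?:Interfaces\\(?P<iface>\{[^}]+\}) : )?"
    r"(?P<key>NameServer|DhcpNameServer) = (?P<val>.*)$"
)


def hjt_lines(text: str) -> List[str]:
    """Return the lines of the 'Pseudo HJT Report' section, minus the '.' spacers."""
    out, inside = [], False
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            inside = m.group("title").strip() == "Pseudo HJT Report"
            continue
        if inside and line.strip() != ".":
            out.append(line.rstrip())
    return out


def parse_hjt(text: str) -> Dict:
    """Split the section into browser add-ons and DNS settings."""
    addons, dns = [], {"dhcp": [], "interfaces": {}}
    for line in hjt_lines(text):
        m = ADDON_RE.match(line)
        if m:
            addons.append({"kind": m["kind"], "name": m["name"] or "",
                           "clsid": m["clsid"].upper(), "path": m["path"].strip()})
            continue
        m = TCP_RE.match(line)
        if m:
            # DDS lists servers separated by spaces or commas.
            servers = [s for s in re.split(r"[ ,]+", m["val"].strip()) if s]
            if m["iface"] is None:
                if m["key"] == "DhcpNameServer":
                    dns["dhcp"] = servers
            else:
                dns["interfaces"].setdefault(m["iface"].upper(), {})[m["key"]] = servers
    return {"addons": addons, "dns": dns}


def findings(text: str) -> List[str]:
    """Flag orphaned add-ons and static DNS overrides that differ from DHCP."""
    parsed = parse_hjt(text)
    notes = []
    for a in parsed["addons"]:
        if a["path"].lower() == "no file":
            notes.append(f"orphaned {a['kind']} {a['clsid']}: registered but its DLL is missing")
    dhcp_global = parsed["dns"]["dhcp"]
    for iface, keys in parsed["dns"]["interfaces"].items():
        static = keys.get("NameServer", [])
        dhcp = keys.get("DhcpNameServer", dhcp_global)
        if static and static != dhcp:
            notes.append(f"interface {iface}: static DNS {static} overrides DHCP-assigned {dhcp}")
    return notes


if __name__ == "__main__":
    for note in findings(SAMPLE_DDS):
        print(note)
```

Neither hit is proof of infection on its own: an orphaned BHO is commonly an uninstall leftover, and 8.8.8.8/4.2.2.2 are well-known public resolvers, so the script only narrows where to look.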


#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 11 April 2012 - 06:05 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mockup, Topic Starter (Members, 32 posts)

Posted 11 April 2012 - 07:57 AM

Gringo-

Thank you for your prompt response.

This is a work computer that has some current projects on it. Because of the risk that the computer will not boot post-Combofix, I would like to wait until Friday afternoon my time to run Combofix. Please let me know if this is a problem; otherwise I will follow your instructions at that time and post the results.

One other note on the computer's behavior: .png images do not display in IE (for example, I can't see Google's logo). I thought this had to do with security settings in IE, but I have not found any way to fix it and I suspect it has to do with the infection.

Regards,

Mockup

#4 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 11 April 2012 - 08:28 AM

Hello

No problem, and since this is a work computer it would be a very good idea to backup anything that cannot be lost, just for safety's sake.



gringo

#5 Mockup, Topic Starter (Members, 32 posts)

Posted 13 April 2012 - 07:28 PM

Gringo-

I downloaded and ran Combofix. It completed Stage 25 and then I got a blue screen that said "A problem has been detected and Windows has been shut down to prevent damage to your computer. Plug and play detected an error most likely caused by a faulty driver".

I rebooted manually and the behavior of the machine is unchanged. Search results of Google and Yahoo are redirected to a variety of suspect sites and IE cannot see .png images while .jpgs and others are displayed. As before, the machine otherwise behaves normally.

Next steps?

Regards,

Mockup

#6 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 April 2012 - 08:40 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Mockup, Topic Starter (Members, 32 posts)

Posted 14 April 2012 - 12:56 PM

Gringo-

Neither TDSSKiller nor aswMBR will run. When I double-click on the icons nothing happens. I renamed both (Mockup and Mockup2 respectively); this had no effect.

Regards,

Mockup

#8 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 April 2012 - 03:36 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#9 Mockup, Topic Starter (Members, 32 posts)

Posted 14 April 2012 - 08:05 PM

Gringo-

fixTDSS ran. It said it found an MBR problem and asked me if I wanted to clean it. I said yes and it told me to reboot. On reboot the search redirects are gone. My wallpaper has changed to a blue background and IE still cannot see .png images. I ran TDSSKiller after the reboot. The TDSSKiller interface showed a blank after it ran but I found the log on the C drive. The log is pasted below.

20:50:05.0500 3232 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:50:05.0718 3232 ============================================================
20:50:05.0718 3232 Current date / time: 2012/04/14 20:50:05.0718
20:50:05.0718 3232 SystemInfo:
20:50:05.0718 3232
20:50:05.0718 3232 OS Version: 5.1.2600 ServicePack: 3.0
20:50:05.0718 3232 Product type: Workstation
20:50:05.0718 3232 ComputerName: VOSTRO430
20:50:05.0718 3232 UserName: PM
20:50:05.0718 3232 Windows directory: C:\WINDOWS
20:50:05.0718 3232 System windows directory: C:\WINDOWS
20:50:05.0718 3232 Processor architecture: Intel x86
20:50:05.0718 3232 Number of processors: 4
20:50:05.0718 3232 Page size: 0x1000
20:50:05.0718 3232 Boot type: Normal boot
20:50:05.0718 3232 ============================================================
20:50:06.0390 3232 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:50:06.0390 3232 Drive \Device\Harddisk1\DR3 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:50:06.0390 3232 \Device\Harddisk0\DR0:
20:50:06.0390 3232 MBR used
20:50:06.0390 3232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D1915B4
20:50:06.0390 3232 \Device\Harddisk1\DR3:
20:50:06.0390 3232 MBR used
20:50:06.0390 3232 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
20:50:06.0453 3232 Initialize success
20:50:06.0453 3232 ============================================================
20:50:13.0421 3940 Eventlog - ok
20:50:13.0421 3940 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:50:13.0437 3940 EventSystem - ok
20:50:13.0453 3940 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:50:13.0453 3940 Fastfat - ok
20:50:13.0484 3940 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:50:13.0500 3940 FastUserSwitchingCompatibility - ok
20:50:13.0531 3940 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
20:50:13.0546 3940 Fax - ok
20:50:13.0593 3940 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:50:13.0593 3940 Fdc - ok
20:50:13.0640 3940 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:50:13.0640 3940 Fips - ok
20:50:13.0656 3940 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:50:13.0656 3940 Flpydisk - ok
20:50:13.0687 3940 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:50:13.0687 3940 FltMgr - ok
20:50:13.0781 3940 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:50:13.0781 3940 FontCache3.0.0.0 - ok
20:50:13.0796 3940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:50:13.0796 3940 Fs_Rec - ok
20:50:13.0828 3940 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:50:13.0828 3940 Ftdisk - ok
20:50:13.0953 3940 GFIBckHAtt (263988d8ae9bd211bb5f17d5aad6885f) C:\PROGRA~1\GFI\GFIBAC~1\GFIHInst.exe
20:50:13.0953 3940 GFIBckHAtt - ok
20:50:14.0046 3940 GFIBckHSched (e95911bd88ef967125724428772fddd8) C:\PROGRA~1\GFI\GFIBAC~1\GFIHSC~1.EXE
20:50:14.0078 3940 GFIBckHSched - ok
20:50:14.0109 3940 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:50:14.0109 3940 Gpc - ok
20:50:14.0125 3940 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:50:14.0125 3940 HDAudBus - ok
20:50:14.0156 3940 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
20:50:14.0156 3940 HECI - ok
20:50:14.0218 3940 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:50:14.0218 3940 helpsvc - ok
20:50:14.0250 3940 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:50:14.0250 3940 HidServ - ok
20:50:14.0265 3940 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:50:14.0281 3940 hidusb - ok
20:50:14.0312 3940 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:50:14.0312 3940 hkmsvc - ok
20:50:14.0359 3940 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:50:14.0359 3940 hpn - ok
20:50:14.0406 3940 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:50:14.0406 3940 HTTP - ok
20:50:14.0437 3940 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:50:14.0453 3940 HTTPFilter - ok
20:50:14.0468 3940 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:50:14.0484 3940 i2omgmt - ok
20:50:14.0484 3940 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:50:14.0484 3940 i2omp - ok
20:50:14.0546 3940 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\WINDOWS\system32\drivers\iaStor.sys
20:50:14.0546 3940 iaStor - ok
20:50:14.0640 3940 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:50:14.0671 3940 idsvc - ok
20:50:14.0703 3940 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:50:14.0703 3940 Imapi - ok
20:50:14.0750 3940 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:50:14.0765 3940 ImapiService - ok
20:50:14.0781 3940 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:50:14.0781 3940 ini910u - ok
20:50:14.0984 3940 IntcAzAudAddService (e8656858d8b2da7c9cf59fb4e5ce32ed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:50:15.0000 3940 IntcAzAudAddService - ok
20:50:15.0015 3940 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:50:15.0015 3940 IntelIde - ok
20:50:15.0046 3940 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:50:15.0046 3940 intelppm - ok
20:50:15.0062 3940 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:50:15.0062 3940 Ip6Fw - ok
20:50:15.0062 3940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:50:15.0062 3940 IpFilterDriver - ok
20:50:15.0078 3940 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:50:15.0078 3940 IpInIp - ok
20:50:15.0109 3940 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:50:15.0109 3940 IpNat - ok
20:50:15.0140 3940 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:50:15.0140 3940 IPSec - ok
20:50:15.0140 3940 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:50:15.0140 3940 IRENUM - ok
20:50:15.0187 3940 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:50:15.0187 3940 isapnp - ok
20:50:15.0312 3940 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
20:50:15.0312 3940 JavaQuickStarterService - ok
20:50:15.0343 3940 k57w2k (25f6915a8e38cd57d1c3d8ec662037be) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
20:50:15.0359 3940 k57w2k - ok
20:50:15.0359 3940 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:50:15.0359 3940 Kbdclass - ok
20:50:15.0375 3940 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:50:15.0375 3940 kbdhid - ok
20:50:15.0421 3940 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:50:15.0421 3940 kmixer - ok
20:50:15.0468 3940 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:50:15.0468 3940 KSecDD - ok
20:50:15.0500 3940 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:50:15.0515 3940 LanmanServer - ok
20:50:15.0562 3940 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:50:15.0578 3940 lanmanworkstation - ok
20:50:15.0593 3940 lbrtfdc - ok
20:50:15.0640 3940 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:50:15.0640 3940 LmHosts - ok
20:50:15.0734 3940 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
20:50:15.0734 3940 LMIGuardianSvc - ok
20:50:15.0765 3940 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
20:50:15.0765 3940 LMIInfo - ok
20:50:15.0781 3940 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
20:50:15.0781 3940 LMIMaint - ok
20:50:15.0796 3940 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
20:50:15.0796 3940 lmimirr - ok
20:50:15.0812 3940 LMIRfsClientNP - ok
20:50:15.0859 3940 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
20:50:15.0859 3940 LMIRfsDriver - ok
20:50:15.0906 3940 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
20:50:15.0906 3940 LogMeIn - ok
20:50:15.0937 3940 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:50:15.0953 3940 Messenger - ok
20:50:16.0000 3940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:50:16.0000 3940 mnmdd - ok
20:50:16.0031 3940 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:50:16.0031 3940 mnmsrvc - ok
20:50:16.0062 3940 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:50:16.0062 3940 Modem - ok
20:50:16.0140 3940 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
20:50:16.0187 3940 Monfilt - ok
20:50:16.0203 3940 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:50:16.0203 3940 Mouclass - ok
20:50:16.0218 3940 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:50:16.0218 3940 mouhid - ok
20:50:16.0234 3940 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:50:16.0250 3940 MountMgr - ok
20:50:16.0250 3940 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:50:16.0250 3940 mraid35x - ok
20:50:16.0265 3940 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:50:16.0265 3940 MRxDAV - ok
20:50:16.0328 3940 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:50:16.0343 3940 MRxSmb - ok
20:50:16.0375 3940 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:50:16.0390 3940 MSDTC - ok
20:50:16.0390 3940 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:50:16.0406 3940 Msfs - ok
20:50:16.0406 3940 MSIServer - ok
20:50:16.0437 3940 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:50:16.0437 3940 MSKSSRV - ok
20:50:16.0453 3940 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:50:16.0453 3940 MSPCLOCK - ok
20:50:16.0468 3940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:50:16.0468 3940 MSPQM - ok
20:50:16.0500 3940 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:50:16.0500 3940 mssmbios - ok
20:50:16.0515 3940 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:50:16.0515 3940 Mup - ok
20:50:16.0546 3940 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:50:16.0578 3940 napagent - ok
20:50:16.0609 3940 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:50:16.0609 3940 NDIS - ok
20:50:16.0656 3940 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:50:16.0656 3940 NdisTapi - ok
20:50:16.0671 3940 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:50:16.0687 3940 Ndisuio - ok
20:50:16.0687 3940 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:50:16.0687 3940 NdisWan - ok
20:50:16.0734 3940 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:50:16.0734 3940 NDProxy - ok
20:50:16.0750 3940 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:50:16.0765 3940 NetBIOS - ok
20:50:16.0781 3940 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:50:16.0781 3940 NetBT - ok
20:50:16.0812 3940 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:50:16.0828 3940 NetDDE - ok
20:50:16.0828 3940 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:50:16.0828 3940 NetDDEdsdm - ok
20:50:16.0859 3940 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:50:16.0875 3940 Netlogon - ok
20:50:16.0890 3940 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:50:16.0906 3940 Netman - ok
20:50:17.0000 3940 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:50:17.0015 3940 NetTcpPortSharing - ok
20:50:17.0046 3940 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:50:17.0062 3940 Nla - ok
20:50:17.0156 3940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:50:17.0156 3940 Npfs - ok
20:50:17.0203 3940 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:50:17.0218 3940 Ntfs - ok
20:50:17.0250 3940 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:50:17.0265 3940 NtLmSsp - ok
20:50:17.0312 3940 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:50:17.0328 3940 NtmsSvc - ok
20:50:17.0343 3940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:50:17.0359 3940 Null - ok
20:50:17.0562 3940 nv (1d58f3da3f47b45332ecfaff5df1691e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:50:17.0718 3940 nv - ok
20:50:17.0750 3940 NVHDA (cf68bcac297b4c98c1d25b81e4011de4) C:\WINDOWS\system32\drivers\nvhda32.sys
20:50:17.0750 3940 NVHDA - ok
20:50:17.0781 3940 nvsvc (b28b7775d227fd655b83b2c4c6a406f4) C:\WINDOWS\system32\nvsvc32.exe
20:50:17.0796 3940 nvsvc - ok
20:50:17.0812 3940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:50:17.0812 3940 NwlnkFlt - ok
20:50:17.0828 3940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:50:17.0828 3940 NwlnkFwd - ok
20:50:17.0937 3940 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:50:17.0953 3940 odserv - ok
20:50:18.0000 3940 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:50:18.0000 3940 ose - ok
20:50:18.0031 3940 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:50:18.0031 3940 Parport - ok
20:50:18.0062 3940 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:50:18.0062 3940 PartMgr - ok
20:50:18.0078 3940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:50:18.0078 3940 ParVdm - ok
20:50:18.0093 3940 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:50:18.0093 3940 PCI - ok
20:50:18.0093 3940 PCIDump - ok
20:50:18.0109 3940 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:50:18.0109 3940 PCIIde - ok
20:50:18.0125 3940 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:50:18.0125 3940 Pcmcia - ok
20:50:18.0140 3940 PDCOMP - ok
20:50:18.0156 3940 PDFRAME - ok
20:50:18.0156 3940 PDRELI - ok
20:50:18.0171 3940 PDRFRAME - ok
20:50:18.0187 3940 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:50:18.0187 3940 perc2 - ok
20:50:18.0203 3940 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:50:18.0203 3940 perc2hib - ok
20:50:18.0296 3940 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
20:50:18.0328 3940 PEVSystemStart - ok
20:50:18.0359 3940 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:50:18.0359 3940 PlugPlay - ok
20:50:18.0406 3940 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:50:18.0406 3940 PolicyAgent - ok
20:50:18.0468 3940 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:50:18.0484 3940 PptpMiniport - ok
20:50:18.0484 3940 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:50:18.0500 3940 ProtectedStorage - ok
20:50:18.0515 3940 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:50:18.0515 3940 PSched - ok
20:50:18.0531 3940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:50:18.0531 3940 Ptilink - ok
20:50:18.0562 3940 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:50:18.0562 3940 PxHelp20 - ok
20:50:18.0593 3940 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:50:18.0593 3940 ql1080 - ok
20:50:18.0625 3940 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:50:18.0625 3940 Ql10wnt - ok
20:50:18.0640 3940 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:50:18.0640 3940 ql12160 - ok
20:50:18.0656 3940 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:50:18.0656 3940 ql1240 - ok
20:50:18.0671 3940 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:50:18.0671 3940 ql1280 - ok
20:50:18.0687 3940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:50:18.0703 3940 RasAcd - ok
20:50:18.0734 3940 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:50:18.0750 3940 RasAuto - ok
20:50:18.0765 3940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:50:18.0781 3940 Rasl2tp - ok
20:50:18.0796 3940 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:50:18.0812 3940 RasMan - ok
20:50:18.0843 3940 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:50:18.0843 3940 RasPppoe - ok
20:50:18.0875 3940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:50:18.0875 3940 Raspti - ok
20:50:18.0906 3940 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:50:18.0906 3940 Rdbss - ok
20:50:18.0921 3940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:50:18.0921 3940 RDPCDD - ok
20:50:18.0937 3940 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:50:18.0953 3940 rdpdr - ok
20:50:18.0984 3940 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:50:19.0000 3940 RDPWD - ok
20:50:19.0031 3940 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:50:19.0046 3940 RDSessMgr - ok
20:50:19.0078 3940 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:50:19.0078 3940 redbook - ok
20:50:19.0109 3940 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:50:19.0109 3940 RemoteAccess - ok
20:50:19.0140 3940 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:50:19.0156 3940 RemoteRegistry - ok
20:50:19.0187 3940 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:50:19.0187 3940 RpcLocator - ok
20:50:19.0218 3940 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:50:19.0234 3940 RpcSs - ok
20:50:19.0250 3940 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:50:19.0265 3940 RSVP - ok
20:50:19.0296 3940 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:50:19.0296 3940 SamSs - ok
20:50:19.0328 3940 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:50:19.0343 3940 SCardSvr - ok
20:50:19.0359 3940 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:50:19.0390 3940 Schedule - ok
20:50:19.0500 3940 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:50:19.0515 3940 SeaPort - ok
20:50:19.0578 3940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:50:19.0593 3940 Secdrv - ok
20:50:19.0609 3940 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:50:19.0609 3940 seclogon - ok
20:50:19.0625 3940 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:50:19.0625 3940 SENS - ok
20:50:19.0656 3940 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:50:19.0656 3940 Serenum - ok
20:50:19.0703 3940 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:50:19.0703 3940 Serial - ok
20:50:19.0718 3940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:50:19.0734 3940 Sfloppy - ok
20:50:19.0781 3940 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:50:19.0796 3940 SharedAccess - ok
20:50:19.0828 3940 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:50:19.0843 3940 ShellHWDetection - ok
20:50:19.0859 3940 Simbad - ok
20:50:19.0875 3940 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:50:19.0875 3940 sisagp - ok
20:50:19.0906 3940 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:50:19.0906 3940 Sparrow - ok
20:50:19.0953 3940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:50:19.0953 3940 splitter - ok
20:50:20.0000 3940 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:50:20.0015 3940 Spooler - ok
20:50:20.0046 3940 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:50:20.0046 3940 sr - ok
20:50:20.0109 3940 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:50:20.0125 3940 srservice - ok
20:50:20.0140 3940 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:50:20.0156 3940 Srv - ok
20:50:20.0187 3940 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:50:20.0187 3940 SSDPSRV - ok
20:50:20.0234 3940 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:50:20.0265 3940 stisvc - ok
20:50:20.0343 3940 stllssvr (e476c66713c842f58e61a95826ed1d57) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:50:20.0343 3940 stllssvr - ok
20:50:20.0390 3940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:50:20.0390 3940 swenum - ok
20:50:20.0437 3940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:50:20.0437 3940 swmidi - ok
20:50:20.0437 3940 SwPrv - ok
20:50:20.0468 3940 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:50:20.0468 3940 symc810 - ok
20:50:20.0484 3940 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:50:20.0484 3940 symc8xx - ok
20:50:20.0500 3940 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:50:20.0500 3940 sym_hi - ok
20:50:20.0515 3940 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:50:20.0515 3940 sym_u3 - ok
20:50:20.0546 3940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:50:20.0562 3940 sysaudio - ok
20:50:20.0593 3940 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:50:20.0609 3940 SysmonLog - ok
20:50:20.0625 3940 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:50:20.0640 3940 TapiSrv - ok
20:50:20.0703 3940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:50:20.0718 3940 Tcpip - ok
20:50:20.0734 3940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:50:20.0734 3940 TDPIPE - ok
20:50:20.0750 3940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:50:20.0750 3940 TDTCP - ok
20:50:20.0765 3940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:50:20.0781 3940 TermDD - ok
20:50:20.0796 3940 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:50:20.0812 3940 TermService - ok
20:50:20.0859 3940 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:50:20.0859 3940 Themes - ok
20:50:20.0890 3940 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:50:20.0906 3940 TlntSvr - ok
20:50:20.0953 3940 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
20:50:20.0953 3940 TosIde - ok
20:50:20.0984 3940 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:50:20.0984 3940 TrkWks - ok
20:50:21.0000 3940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:50:21.0015 3940 Udfs - ok
20:50:21.0015 3940 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:50:21.0015 3940 ultra - ok
20:50:21.0046 3940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:50:21.0046 3940 Update - ok
20:50:21.0078 3940 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:50:21.0093 3940 upnphost - ok
20:50:21.0125 3940 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:50:21.0140 3940 UPS - ok
20:50:21.0156 3940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:50:21.0156 3940 usbccgp - ok
20:50:21.0203 3940 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:50:21.0203 3940 usbehci - ok
20:50:21.0218 3940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:50:21.0218 3940 usbhub - ok
20:50:21.0265 3940 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:50:21.0265 3940 USBSTOR - ok
20:50:21.0296 3940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:50:21.0296 3940 usbuhci - ok
20:50:21.0328 3940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:50:21.0328 3940 VgaSave - ok
20:50:21.0343 3940 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:50:21.0343 3940 viaagp - ok
20:50:21.0359 3940 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:50:21.0359 3940 ViaIde - ok
20:50:21.0375 3940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:50:21.0375 3940 VolSnap - ok
20:50:21.0437 3940 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:50:21.0468 3940 VSS - ok
20:50:21.0484 3940 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:50:21.0500 3940 w32time - ok
20:50:21.0515 3940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:50:21.0515 3940 Wanarp - ok
20:50:21.0531 3940 WDICA - ok
20:50:21.0578 3940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:50:21.0578 3940 wdmaud - ok
20:50:21.0609 3940 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:50:21.0609 3940 WebClient - ok
20:50:21.0703 3940 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:50:21.0703 3940 winmgmt - ok
20:50:21.0765 3940 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
20:50:21.0812 3940 WinRM - ok
20:50:21.0843 3940 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:50:21.0843 3940 WmdmPmSN - ok
20:50:21.0890 3940 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:50:21.0906 3940 Wmi - ok
20:50:21.0984 3940 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:50:21.0984 3940 WmiAcpi - ok
20:50:22.0062 3940 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:50:22.0062 3940 WmiApSrv - ok
20:50:22.0156 3940 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:50:22.0187 3940 WMPNetworkSvc - ok
20:50:22.0250 3940 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:50:22.0250 3940 WS2IFSL - ok
20:50:22.0312 3940 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:50:22.0328 3940 wscsvc - ok
20:50:22.0328 3940 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:50:22.0343 3940 wuauserv - ok
20:50:22.0390 3940 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:50:22.0390 3940 WudfPf - ok
20:50:22.0406 3940 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:50:22.0421 3940 WudfRd - ok
20:50:22.0437 3940 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:50:22.0453 3940 WudfSvc - ok
20:50:22.0484 3940 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:50:22.0515 3940 WZCSVC - ok
20:50:22.0546 3940 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:50:22.0562 3940 xmlprov - ok
20:50:22.0578 3940 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:50:22.0640 3940 \Device\Harddisk0\DR0 - ok
20:50:22.0640 3940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
20:50:22.0656 3940 \Device\Harddisk1\DR3 - ok
20:50:22.0656 3940 Boot (0x1200) (7b4cca0f7e1c36b0fcc9bba4e07c7e64) \Device\Harddisk0\DR0\Partition0
20:50:22.0656 3940 \Device\Harddisk0\DR0\Partition0 - ok
20:50:22.0656 3940 Boot (0x1200) (97793c6ebe782489632be676e2c9be30) \Device\Harddisk1\DR3\Partition0
20:50:22.0656 3940 \Device\Harddisk1\DR3\Partition0 - ok
20:50:22.0656 3940 ============================================================
20:50:22.0656 3940 Scan finished
20:50:22.0656 3940 ============================================================
20:50:22.0671 3756 Detected object count: 0
20:50:22.0671 3756 Actual detected object count: 0
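
A TDSSKiller log like the one above is long and almost entirely "ok" lines, so it helps to parse it into records and pull out the few entries worth a second look. The following is an added example written for this page; it is not TDSSKiller's own code and not something posted in this thread. The sample lines are copied from the log above; the "trusted prefix" list, the extension whitelist and the triage rules are this example's own assumptions, not a TDSSKiller feature. Note that a plain-path heuristic like this will flag PEVSystemStart, but the path itself (C:\ComboFix\pev.3XE) shows it lives in the ComboFix folder, so a flag here is a prompt to check, not a verdict, just as TDSSKiller's "ok" only means its own signatures did not fire.

```python
"""Parse and triage a TDSSKiller driver/service scan log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: these lines are copied from the TDSSKiller log posted above.
SAMPLE_LOG = [
    r"20:50:12.0109 3940 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys",
    r"20:50:12.0109 3940 cbidf2k - ok",
    r"20:50:12.0218 3940 Changer - ok",
    r"20:50:16.0859 3940 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe",
    r"20:50:16.0875 3940 Netlogon - ok",
    r"20:50:18.0296 3940 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE",
    r"20:50:18.0328 3940 PEVSystemStart - ok",
    r"20:50:19.0296 3940 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe",
    r"20:50:19.0296 3940 SamSs - ok",
    r"20:50:22.0578 3940 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0",
    r"20:50:22.0640 3940 \Device\Harddisk0\DR0 - ok",
    r"20:50:22.0671 3756 Detected object count: 0",
]

# Line shapes seen in the log: "<time> <tid> <rest>", where <rest> is one of
#   <name> (<md5>) <path>              image record for a service/driver
#   <name> - <verdict>                 verdict for that name (or for a device path)
#   MBR|Boot (<size>) (<md5>) <device> boot-sector record
#   [Actual ]Detected object count: N  summary line
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
SECTOR = re.compile(r"^(MBR|Boot) \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) (.+)$")
IMAGE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (\d+)$")
VERDICT = re.compile(r"^(.+?) - (\S.*)$")

# Assumed triage policy (not part of TDSSKiller): where XP service images normally live,
# and which extensions a service image is expected to carry.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
IMAGE_EXTENSIONS = ("sys", "exe", "dll")


@dataclass
class Entry:
    name: str                   # service/driver name, or device path for MBR/Boot records
    kind: str = "service"       # "service", "MBR" or "Boot"
    md5: Optional[str] = None   # None: the name was listed with no image file behind it
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse(lines: List[str]) -> Tuple[Dict[str, Entry], Optional[int]]:
    """Fold the two-line record/verdict pairs into one Entry per name."""
    entries: Dict[str, Entry] = {}
    detected: Optional[int] = None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(1)
        s = SECTOR.match(rest)
        i = IMAGE.match(rest)
        c = COUNT.match(rest)
        v = VERDICT.match(rest)
        if s:
            kind, md5, dev = s.groups()
            entries[dev] = Entry(dev, kind, md5, dev)
        elif i:
            name, md5, path = i.groups()
            entries[name] = Entry(name, "service", md5, path)
        elif c:
            detected = int(c.group(1))
        elif v:
            name, verdict = v.groups()
            # A verdict with no preceding image record means no file was found for the name.
            entries.setdefault(name, Entry(name)).verdict = verdict
    return entries, detected


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs worth a manual look under the assumed policy."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.kind != "service":
            continue
        if e.path is None:
            findings.append((e.name, "registered but no image file on disk"))
            continue
        low = e.path.lower()
        if not low.startswith(TRUSTED_PREFIXES):
            findings.append((e.name, "image outside the usual system/program directories: " + e.path))
        ext = low.rsplit(".", 1)[-1] if "." in low else ""
        if ext not in IMAGE_EXTENSIONS:
            findings.append((e.name, "unusual image extension: " + e.path))
    return findings


def shared_hosts(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Group service names by image; several SCM entries backed by one binary
    (lsass.exe, services.exe, shsvcs.dll) is normal on XP, not a finding by itself."""
    by_path: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.kind == "service" and e.path:
            by_path.setdefault(e.path.lower(), []).append(e.name)
    return {p: names for p, names in by_path.items() if len(names) > 1}


if __name__ == "__main__":
    found, count = parse(SAMPLE_LOG)
    print("detected objects:", count)
    for name, reason in triage(found):
        print(f"{name}: {reason}")
    for path, names in shared_hosts(found).items():
        print(f"{path} hosts {', '.join(names)}")
```

Run it against a full log by reading the file into a list of lines and passing that to `parse`; the summary count at the end of the log tells you what TDSSKiller itself concluded, while `triage` only narrows down which of the hundreds of "ok" lines you should still eyeball.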

#10 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:24 AM

Posted 14 April 2012 - 08:13 PM

I want you to try and run ComboFix now for me


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Mockup

  • Topic Starter
  • Members
  • 32 posts
  • Local time:12:24 AM

Posted 14 April 2012 - 08:34 PM

Combofix ran. Search redirects are still gone. IE still cannot see .png files.

Combofix was looking for a file and said something like "cannot find". Log pasted below.

Regards,

Mockup

ComboFix 12-04-14.03 - PM 04/14/2012 21:19:32.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3031.2493 [GMT -4:00]
Running from: c:\documents and settings\PM\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-10 17:52 . 2012-04-10 17:52 -------- d-----w- c:\program files\Common Files\Java
2012-04-10 17:52 . 2012-04-10 17:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-10 15:23 . 2012-04-10 15:26 -------- d-----w- c:\documents and settings\PM\Local Settings\Application Data\Google
2012-04-09 14:49 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-09 14:49 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-09 14:49 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-09 14:49 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-09 14:49 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-09 14:49 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-09 14:49 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-09 14:49 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-09 14:49 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-09 14:49 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-09 14:49 . 2012-04-09 14:49 -------- d-----w- c:\program files\AVAST Software
2012-04-09 14:49 . 2012-04-09 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 17:52 . 2010-06-11 15:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-05-12 20:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 14:09 . 2011-12-06 14:07 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 14:09 . 2011-12-06 14:07 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 14:09 . 2011-12-06 14:07 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 14:09 . 2011-12-06 14:07 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-17 19:40 . 2012-01-17 19:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GFI Backup 2009 - Home Edition"="c:\progra~1\GFI\GFIBAC~1\GFIAgent.exe" [2010-09-20 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-25 13918208]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-07 14:09 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/9/2012 10:49 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/9/2012 10:49 AM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/9/2012 10:49 AM 20696]
R2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [8/17/2009 5:40 PM 79168]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;c:\progra~1\GFI\GFIBAC~1\GFIHInst.exe [6/11/2010 2:47 PM 590632]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;c:\progra~1\GFI\GFIBAC~1\GFIHSC~1.EXE [6/11/2010 2:47 PM 2324848]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/30/2010 10:38 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 4:10 PM 12856]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [5/20/2010 7:22 PM 213544]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/20/2010 7:22 PM 57248]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/20/2010 7:22 PM 1684736]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 44511862
*Deregistered* - 44511862
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1407608034-2981978901-831013863-1008Core.job
- c:\documents and settings\PM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-10 15:23]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1407608034-2981978901-831013863-1008UA.job
- c:\documents and settings\PM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-10 15:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.10.2 66.43.68.25 68.237.168.12
TCP: Interfaces\{27F6CE3F-7C82-443B-92D4-3A284DE2B57F}: NameServer = 8.8.8.8,4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-14 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\PM\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-14 21:24:55
ComboFix-quarantined-files.txt 2012-04-15 01:24
.
Pre-Run: 211,866,284,032 bytes free
Post-Run: 212,065,292,288 bytes free
.
- - End Of File - - F72647A8ED43AC41E9326A8393C32A8D

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 April 2012 - 08:49 PM

Hello


I want you to go here and push the Fix it button and see if it fixes IE: http://support.microsoft.com/kb/923737

#13 Mockup (Topic Starter, Members, 32 posts)

Posted 14 April 2012 - 09:07 PM

Gringo-

I pushed the fixit button and allowed it to download and run. Still no .png images. Search redirects are still gone.

Regards,

Mockup

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 April 2012 - 09:17 PM

Download PNG_Fix.zip and save it to the Desktop.
Unzip and extract the two files (pngasso_xp.reg and pngasso_vista.reg) to the Desktop.
If you're using Windows XP, right-click pngasso_xp.reg and choose Merge. If you're using Windows Vista, right-click pngasso_vista.reg and choose Merge. Click Yes to confirm the merge operation. Additionally, in Windows Vista, you'll have to click Continue when you see the User Account Control elevation dialog.
Note: The .REG files above should fix the file association and MIME settings for .PNG file types. File paths in the .REG files are hardcoded for C:\. If you have installed Windows in a different location than C:\, you'll need to edit the REG file(s) using Notepad and update the drive-letter and/or the Path accordingly.

Edited by gringo_pr, 14 April 2012 - 09:17 PM.

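A read-only check of the registry values that decide how Explorer and IE treat .png files, added here as an editor's example; it is not part of the thread and it is not the contents of PNG_Fix.zip. It is meant to be run before and after merging the .reg file so you can see exactly what was wrong and confirm the fix took. The expected values (pngfile, image/png, .png) are the Windows XP defaults as assumed by the editor; the script changes nothing. It also reports a per-user HKCU\Software\Classes\.png key, because that half of HKEY_CLASSES_ROOT overrides the machine-wide one and is a common place for a stray or malicious association to hide.

```powershell
# Added example, not part of the thread and not the contents of PNG_Fix.zip.
# Read-only inspection of the registry values that decide how Explorer and IE
# treat .png files. Run it before and after merging the .reg fix. The expected
# values below are the Windows XP defaults as assumed by the editor.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Name
}

function Get-MimeExtension {
    param([string]$ContentType)
    # MIME key names contain a '/', so enumerate the parent key and match on
    # the child name rather than building a path the provider might mis-split.
    $parent = 'HKLM:\SOFTWARE\Classes\MIME\Database\Content Type'
    if (-not (Test-Path -LiteralPath $parent)) { return $null }
    $key = Get-ChildItem -LiteralPath $parent | Where-Object { $_.PSChildName -eq $ContentType }
    if ($null -eq $key) { return $null }
    return $key.GetValue('Extension')
}

$problems = 0

$checks = @(
    @{ Label = 'HKLM\SOFTWARE\Classes\.png (default)';    Actual = Get-RegValue 'HKLM:\SOFTWARE\Classes\.png' '(default)';    Expected = 'pngfile'   },
    @{ Label = 'HKLM\SOFTWARE\Classes\.png Content Type'; Actual = Get-RegValue 'HKLM:\SOFTWARE\Classes\.png' 'Content Type'; Expected = 'image/png' },
    @{ Label = 'MIME Database image/png Extension';       Actual = Get-MimeExtension 'image/png';                              Expected = '.png'      }
)

foreach ($c in $checks) {
    if ($c.Actual -eq $c.Expected) { $status = 'OK  ' } else { $status = 'BAD '; $problems++ }
    '{0} {1} = ''{2}'' (expected ''{3}'')' -f $status, $c.Label, $c.Actual, $c.Expected
}

# HKEY_CLASSES_ROOT is HKLM\Software\Classes with HKCU\Software\Classes merged
# on top, and the per-user half wins. A stray or malicious per-user .png key
# therefore silently overrides a correct machine-wide fix; report it if present.
$userKey = 'HKCU:\Software\Classes\.png'
if (Test-Path -LiteralPath $userKey) {
    $problems++
    'WARN per-user override present: {0} = ''{1}''' -f $userKey, (Get-RegValue $userKey '(default)')
}

# Show the handler the association points at, so a missing or redirected
# viewer is visible at a glance (the .reg files in the thread hardcode C:\).
$openCmd = Get-RegValue 'HKLM:\SOFTWARE\Classes\pngfile\shell\open\command' '(default)'
'pngfile open command: {0}' -f $openCmd

if ($problems -eq 0) { 'PNG association looks intact.' }
else { '{0} problem(s) found; merge the .reg fix (or correct the values above) and re-run this check.' -f $problems }
```

Run it from a PowerShell prompt as the affected user; reading HKLM needs no elevation. A BAD line on the MIME Database entry is the one that usually explains IE showing broken .png images while Explorer still opens the files, since IE decides how to render a response from that mapping rather than from the file extension.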

#15 Mockup (Topic Starter, Members, 32 posts)

Posted 14 April 2012 - 09:35 PM

Gringo-

I downloaded pngfix and told it to merge on right click. .png images are now appearing in IE (including on Bleeping).

Thank You.

I am going to bed now and will not respond until the morning.

Regards,

Mockup
