0

Hi, I have been referred here by a good friend of mine. I hope you can help

I have an annoying problem with my browser (Chrome, Firefox, Explorer) redirecting to random sites and more often than not to a blank page. but Yesterday I started having problems with my wireless internet connection being unable to find the router, then finding it, then losing it again, to the point where I had to switch over to my desk top, which worked fine with wireless through the same router. I'm not sure if they are connected incidents or not? I followed your pre post advice and after rebooting my laptop now seems fine again, insomuch as I can now connect to the internet without it constantly searching. But the redirects are still happening. I have previously done several scans with Spyware Doctor and Malware bytes and found nothing. I'm running windows XP SP3 on a dell inspiron6400.


a massive thank you in advance.

Cosmonaut


1) Mbam-m
2) GMER....I forgot to save the first log file d'oh not sure how important that is, but the second file is from a 5hour scan? apologies if this messes things up.
3) DDS dds.txt and attach.txt
4) Hi jack This (not sure if Im supposed to post this first?)


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19/08/2010 16:51:39
mbam-log-2010-08-19 (16-51-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 231074
Time elapsed: 58 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 15:50:44
Windows 5.1.2600 Service Pack 3
Running: p1s7mjt1.exe; Driver: C:\DOCUME~1\Richmanu\LOCALS~1\Temp\fxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EB4112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E932D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E934C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EB4900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EB4BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EB2E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EB5020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EB43D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9E92F44]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP 69850DFA

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A8140D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}?Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@LLInterface ARP1394
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IpConfig Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@IpConfig Tcpip\Parameters\Interfaces\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IpConfig Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@IpConfig Tcpip\Parameters\Interfaces\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NTEContextList 0x00000004?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}?Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@LLInterface ARP1394
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IpConfig Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@IpConfig Tcpip\Parameters\Interfaces\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IpConfig Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@IpConfig Tcpip\Parameters\Interfaces\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NTEContextList 0x00000004?

---- EOF - GMER 1.0.15 ----


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 15:50:44
Windows 5.1.2600 Service Pack 3
Running: p1s7mjt1.exe; Driver: C:\DOCUME~1\Richmanu\LOCALS~1\Temp\fxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EB4112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9E932D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9E934C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EB4900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EB4BB4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EB2E12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EB5020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EB43D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9E92F44]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP 69850DFA

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A8140D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}?Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@LLInterface ARP1394
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IpConfig Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@IpConfig Tcpip\Parameters\Interfaces\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IpConfig Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@LLInterface
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@IpConfig Tcpip\Parameters\Interfaces\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDHCP 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDHCP 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGateway
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGatewayMetric
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NameServer
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@Domain
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegistrationEnabled 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegisterAdapterName 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NTEContextList 0x00000004?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}?Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@LLInterface ARP1394
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IpConfig Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}@IpConfig Tcpip\Parameters\Interfaces\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IpConfig Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}@IpConfig Tcpip\Parameters\Interfaces\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{27C516A6-D79B-40A8-B169-30F5E2569C79}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{44FE7F73-6B88-47BB-9638-CB4232516164}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{58618240-9483-4674-8C8D-D8D34B2936D8}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@EnableDHCP 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@DefaultGatewayMetric
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NameServer
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegistrationEnabled 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RegisterAdapterName 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@TCPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@UDPAllowedPorts 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@RawIPAllowedProtocols 0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ED4EEE13-3536-49A6-9253-5B495AB16059}@NTEContextList 0x00000004?

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-03-17.01) - NTFSx86
Run by Richmanu at 19:42:35.12 on 19/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.1434 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Richmanu\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: : {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: N/A: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [EBUNWVLUMV] c:\windows\temp\Sxr.exe
dRun: [QNB2EB90WX] c:\windows\temp\Sxr.exe
dRun: [RZDVL2F27W] c:\windows\temp\Sx8.exe
dRun: [EWABQAF7KL] c:\windows\temp\Sxx.exe
dRun: [UBC5AB1IDP] c:\windows\temp\Sxw.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richmanu\applic~1\mozilla\firefox\profiles\34qxdrvh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.nectar.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\richmanu\application data\mozilla\firefox\profiles\34qxdrvh.default\extensions\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}\components\Engine.dll
FF - plugin: c:\documents and settings\richmanu\application data\mozilla\firefox\profiles\34qxdrvh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\richmanu\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-25 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-25 112592]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2010-3-26 27648]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-25 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-25 1142224]
S4 gupdate1cacba5a8442ac4;Google Update Service (gupdate1cacba5a8442ac4);c:\program files\google\update\GoogleUpdate.exe [2010-3-24 133104]
S4 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]

=============== Created Last 30 ================

2010-09-18 04:19:35 13183 ----a-w- c:\documents and settings\richmanu\.recently-used.xbel
2010-08-18 19:18:36 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-08-18 19:14:14 5 ----a-w- c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
2010-08-18 19:14:14 5 ----a-w- c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
2010-08-18 19:14:03 666 ----a-w- c:\windows\speed.reg
2010-08-18 15:11:31 0 d-----w- c:\docume~1\richmanu\applic~1\Tatara Systems
2010-08-18 15:10:43 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-08-18 15:10:43 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-08-18 15:10:43 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-08-18 15:10:43 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-08-18 15:10:43 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-08-18 15:10:43 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-08-18 15:10:11 0 d-----w- c:\program files\O2CM-CE
2010-08-18 15:10:11 0 d-----w- c:\docume~1\alluse~1\applic~1\O2CM-CE
2010-08-17 14:10:45 0 d-----w- c:\program files\Western Digital Corporation
2010-08-16 00:26:11 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-08-15 01:25:09 0 d-----w- c:\windows\system32\XPSViewer
2010-08-15 01:24:00 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-15 01:24:00 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-15 01:24:00 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-15 01:24:00 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-15 01:24:00 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-15 01:23:59 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-15 01:23:59 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-15 01:23:59 0 d-----w- C:\68944768422a0a15d7
2010-08-12 18:12:42 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-12 14:03:09 0 d-----w- C:\7e79da99b36a4ee271ac7d5beb5620
2010-08-12 13:32:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Toontrack
2010-08-12 12:55:53 0 d-----w- c:\docume~1\richmanu\applic~1\Toontrack
2010-08-12 12:48:38 0 d-----w- c:\program files\Toontrack
2010-08-10 15:01:35 0 d-----w- c:\docume~1\richmanu\applic~1\ElevatedDiagnostics
2010-08-10 14:42:59 0 d-----w- c:\program files\iPod
2010-08-09 22:51:55 0 d-----w- c:\windows\system32\appmgmt
2010-08-09 22:35:12 200704 ----a-w- c:\windows\system32\vbalExpBar6.ocx
2010-08-09 22:35:11 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-08-09 22:35:10 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-08-09 22:35:10 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-08-09 22:35:10 115920 ----a-w- c:\windows\system32\msinet.OCX
2010-08-09 22:35:10 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-08-09 22:35:09 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-08-09 22:35:09 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-08-09 22:35:09 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-08-09 22:35:09 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-08-09 22:35:08 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-08-09 22:35:08 0 d-----w- c:\program files\Free Easy Burner
2010-08-09 22:35:08 0 d-----w- c:\docume~1\richmanu\applic~1\FreeBurner
2010-08-08 13:19:42 0 d-----w- c:\documents and settings\richmanu\LocalLow
2010-08-08 13:19:42 0 d-----w- c:\docume~1\alluse~1\applic~1\TVU Networks
2010-08-08 13:18:52 0 d-----w- c:\windows\system32\TVUAx
2010-08-05 21:25:42 0 d-----w- c:\program files\Trend Micro
2010-08-04 10:55:48 0 d-----w- c:\program files\Image-Line
2010-08-03 09:31:02 0 d-----w- c:\program files\Brainworx
2010-07-26 22:24:37 0 d-----w- c:\program files\LiquidSonics
2010-07-26 21:30:35 0 d-----w- c:\docume~1\alluse~1\applic~1\iZotope
2010-07-26 10:29:13 0 d-----w- c:\program files\common files\iZotope
2010-07-26 10:29:12 0 d-----w- c:\program files\iZotope
2010-07-25 09:54:25 0 d-----w- c:\docume~1\richmanu\applic~1\Applied Acoustics Systems
2010-07-25 09:54:19 0 d-----w- c:\program files\AAS
2010-07-22 23:14:11 0 d-----w- c:\program files\File Shredder
2010-07-22 11:29:23 0 d-----w- c:\program files\MIDIOX

==================== Find3M ====================

2010-07-21 17:53:49 767928 ----a-w- c:\windows\BDTSupport.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 13:00:11 52224 --sha-r- c:\windows\system32\adsldpw.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll

============= FINISH: 19:42:45.90 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/03/2010 22:23:12
System Uptime: 19/08/2010 17:03:41 (2 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2130 @ 1.86GHz | Microprocessor | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 94.274 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 844.25 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:

==== System Restore Points ===================

RP41: 16/08/2010 01:55:20 - Software Distribution Service 3.0
RP42: 17/08/2010 05:17:29 - System Checkpoint
RP43: 18/08/2010 05:33:28 - System Checkpoint
RP44: 18/08/2010 16:10:09 - Installed O2 Connection Manager
RP45: 18/08/2010 16:17:00 - Removed O2 Connection Manager
RP46: 18/08/2010 20:14:03 - Installed Dell System Software
RP47: 18/08/2010 20:14:13 - Installed Notebook System Software
RP48: 19/08/2010 10:18:28 - august 19 before winsockfix

==== Installed Programs ======================


Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Advertising Center
AmpliTube 2 DUO
AmpliTube 2 Live
AmpliTube X-GEAR
AnalogX SayIt
Antares Autotune VST RTAS TDM v5.08
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
BBC iPlayer Desktop
BitTorrent
Bonjour
Broadcom 440x 10/100 Integrated Controller
Browser Defender 2.0.6.15
bx_cleansweep V2 All 2.0
bx_solo 1.1
Conexant HDA D110 MDC V.92 Modem
CS-80V 1.6
Data Lifeguard Diagnostic for Windows 1.21
Dell Resource CD
Dell Wireless WLAN Card
discoDSP Discovery Pro
Discord 2 VST plug-in
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dropbox
Drumtracker
Effectrix
Elevayta Choir Boy v4.92d VST
Elevayta Extra Boy v4.91d VST
EMS Synth A VS VSTi v0.32
FabFilter Pro-C VST RTAS v1.10
ffdshow
File Shredder 2.0
Free Easy Burner V 4.1
FreeAlpha 3
GForce - Oddity
GIMP 2.6.8
Google Chrome
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
IL Harmless
Intel(R) Graphics Media Accelerator Driver
Interlok driver setup x32
iTunes
iZotope Trash
Java Auto Updater
Java(TM) 6 Update 20
Live 8.1.1
Live 8.1.3
Live 8.1.4
Live 8.1.5
Loomer Resound
Loomer Sequent
Malwarebytes' Anti-Malware
Max 5.1.4
Melodyne 3.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft VC8 CRT for Loomer Applications
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MIDI-OX
Moog Modular V 2.2
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Muon Tau Pro v1.1
Native.Instruments Battery v3.0.1.005 VSTi DXi RTAS
NCH Toolbox
Nero BurnLite 10
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero Update
neroxml
Novation USB Audio Driver 1.2.8
Ohm Force - Quad Frohmage VST2
Ohm Force - Symptohm PE VST2
PitchWorks remove
Pluggo 3.5.3 Runtime
polyKB
Prism Video Converter
QuickTime
Reverberate LE 1.005
SampleTank 2 SE (2.5.3)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Skype™ 4.2
SopCast 3.2.9
SoulSeek 157 NS 13e
Spyware Doctor 7.0
SUPERAntiSpyware
Synth1
T-RackS 3 EQ
Tassman 4 v4.1.6
TT Dynamic Range Meter 1.0
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Movie Maker 2.0
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
XILS 3 LIMITED

==== Event Viewer Messages From Past Week ========

14/08/2010 18:29:46, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
14/08/2010 15:24:43, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
14/08/2010 15:00:27, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
14/08/2010 14:00:00, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
14/08/2010 14:00:00, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
14/08/2010 14:00:00, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error

==== End Of File ===========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:26, on 19/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/postinstall/win/en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RZDVL2F27W] C:\WINDOWS\TEMP\Sx8.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [EWABQAF7KL] C:\WINDOWS\TEMP\Sxx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [UBC5AB1IDP] C:\WINDOWS\TEMP\Sxw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5055 bytes

3
Contributors
20
Replies
21
Views
7 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Thank you for helping :)

here is the combofix log.


ComboFix 10-08-18.05 - Richmanu 20/08/2010 13:13:35.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.1648 [GMT 1:00]
Running from: c:\documents and settings\Richmanu\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
c:\windows\system32\msvcsv60.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-18 19:18 . 2010-08-19 09:32 319488 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-08-18 19:14 . 2005-07-08 12:19 666 ----a-w- c:\windows\speed.reg
2010-08-18 15:11 . 2010-08-18 15:12 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Tatara Systems
2010-08-18 15:10 . 2009-10-07 11:01 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-08-18 15:10 . 2009-10-07 11:01 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-08-18 15:10 . 2009-10-07 11:01 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-08-18 15:10 . 2009-08-25 16:03 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-08-18 15:10 . 2009-08-25 16:03 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-08-18 15:10 . 2009-08-25 16:03 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-08-18 15:10 . 2010-08-18 15:10 -------- d-----w- c:\program files\O2CM-CE
2010-08-18 15:10 . 2010-08-18 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\O2CM-CE
2010-08-17 14:10 . 2010-08-17 14:10 -------- d-----w- c:\program files\Western Digital Corporation
2010-08-15 01:25 . 2010-08-15 01:25 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-15 01:25 . 2010-08-15 01:25 -------- d-----w- c:\program files\MSBuild
2010-08-15 01:24 . 2010-08-15 01:24 -------- d-----w- c:\program files\Reference Assemblies
2010-08-15 01:24 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-15 01:24 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-15 01:24 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-15 01:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-15 01:24 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-15 01:24 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-15 01:24 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-15 01:23 . 2010-08-15 01:24 -------- d-----w- C:\68944768422a0a15d7
2010-08-15 01:23 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-15 01:23 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-12 18:12 . 2010-08-12 21:36 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-12 14:03 . 2010-08-12 21:36 -------- d-----w- C:\7e79da99b36a4ee271ac7d5beb5620
2010-08-12 13:32 . 2010-08-12 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Toontrack
2010-08-12 12:55 . 2010-08-12 12:55 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Toontrack
2010-08-12 12:48 . 2010-08-12 12:48 -------- d-----w- c:\program files\Toontrack
2010-08-10 15:01 . 2010-08-10 15:01 -------- d-----w- c:\documents and settings\Richmanu\Application Data\ElevatedDiagnostics
2010-08-10 14:42 . 2010-08-10 14:42 -------- d-----w- c:\program files\iPod
2010-08-10 14:30 . 2010-08-10 14:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-09 23:05 . 2010-08-09 23:05 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-09 23:05 . 2010-08-09 23:05 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-09 23:04 . 2010-08-09 23:04 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-09 23:02 . 2010-08-09 23:02 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-09 22:35 . 1998-07-13 15:53 44544 ----a-w- c:\windows\system32\GIF89.DLL
2010-08-09 22:35 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-08-09 22:35 . 1999-03-25 16:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-08-09 22:35 . 1998-07-12 20:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2010-08-09 22:35 . 2000-10-01 16:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-08-09 22:35 . 1998-07-12 20:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-08-09 22:35 . 1998-07-12 16:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-08-09 22:35 . 2010-08-09 23:19 -------- d-----w- c:\program files\Free Easy Burner
2010-08-09 22:35 . 2010-08-09 22:35 -------- d-----w- c:\documents and settings\Richmanu\Application Data\FreeBurner
2010-08-09 22:35 . 2008-09-24 20:33 484352 ----a-w- c:\windows\system32\lame_enc.dll
2010-08-08 13:19 . 2010-08-08 13:19 -------- d-----w- c:\documents and settings\Richmanu\LocalLow
2010-08-08 13:19 . 2010-08-08 13:19 -------- d-----w- c:\documents and settings\Richmanu\Local Settings\Application Data\TVU Networks
2010-08-08 13:19 . 2010-08-08 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2010-08-08 13:18 . 2010-08-08 13:18 -------- d-----w- c:\windows\system32\TVUAx
2010-08-06 07:58 . 2010-04-29 11:33 65536 ----a-w- c:\documents and settings\Richmanu\Application Data\Mozilla\Firefox\Profiles\34qxdrvh.default\extensions\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}\components\Engine.dll
2010-08-06 07:56 . 2010-08-06 07:56 0 ----a-w- c:\windows\nsreg.dat
2010-08-06 07:56 . 2010-08-06 07:56 -------- d-----w- c:\documents and settings\Richmanu\Local Settings\Application Data\Mozilla
2010-08-05 21:25 . 2010-08-05 21:25 -------- d-----w- c:\program files\Trend Micro
2010-08-04 10:55 . 2010-08-04 10:56 -------- d-----w- c:\program files\Image-Line
2010-08-03 09:31 . 2010-08-03 09:31 -------- d-----w- c:\program files\Brainworx
2010-07-26 22:24 . 2010-07-26 22:24 -------- d-----w- c:\program files\LiquidSonics
2010-07-26 21:30 . 2010-07-26 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\iZotope
2010-07-26 10:29 . 2010-07-26 10:29 -------- d-----w- c:\program files\Common Files\iZotope
2010-07-26 10:29 . 2010-07-26 10:29 -------- d-----w- c:\program files\iZotope
2010-07-25 09:54 . 2010-07-22 19:02 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Applied Acoustics Systems
2010-07-25 09:54 . 2010-07-22 19:02 -------- d-----w- c:\program files\AAS
2010-07-22 23:14 . 2010-07-22 23:14 -------- d-----w- c:\program files\File Shredder
2010-07-22 11:29 . 2010-07-22 11:29 4846 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_7e87390c.exe
2010-07-22 11:29 . 2010-07-22 11:29 3310 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_12db153c.exe
2010-07-22 11:29 . 2010-07-22 11:29 8478 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_5af141bb.exe
2010-07-22 11:29 . 2010-07-22 11:29 3310 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_bb32ea6.exe
2010-07-22 11:29 . 2010-07-22 11:29 2550 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_16496df1.exe
2010-07-22 11:29 . 2010-07-22 11:29 1078 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_69525f90.exe
2010-07-22 11:29 . 2010-07-22 11:29 1078 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_4ae13d6c.exe
2010-07-22 11:29 . 2010-07-22 11:29 1078 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_2cd672ae.exe
2010-07-22 11:29 . 2010-07-22 11:29 1078 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_294823.exe
2010-07-22 11:29 . 2010-07-22 11:29 1078 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_26e91eb.exe
2010-07-22 11:29 . 2010-07-22 11:29 1078 ----a-r- c:\documents and settings\Richmanu\Application Data\Microsoft\Installer\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}\_18be6784.exe
2010-07-22 11:29 . 2010-07-22 11:54 -------- d-----w- c:\program files\MIDIOX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 04:41 . 2010-03-26 16:08 -------- d-----w- c:\documents and settings\Richmanu\Application Data\gtk-2.0
2010-08-20 09:57 . 2010-03-25 16:13 112 ----a-w- c:\windows\msocreg32.dat
2010-08-20 09:55 . 2010-03-25 00:28 -------- d-----w- c:\program files\NCH Software
2010-08-19 16:04 . 2010-03-24 23:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-19 09:07 . 2010-03-24 23:16 -------- d-----w- c:\program files\Spyware Doctor
2010-08-18 19:14 . 2010-03-24 22:35 -------- d-----w- c:\program files\Dell
2010-08-18 18:17 . 2010-05-27 14:17 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Dropbox
2010-08-17 15:45 . 2010-03-24 23:27 -------- d-----w- c:\documents and settings\Richmanu\Application Data\vlc
2010-08-15 11:22 . 2010-03-25 00:44 24440 ----a-w- c:\documents and settings\Richmanu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 12:55 . 2010-03-25 15:12 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Ableton
2010-08-12 17:38 . 2010-03-24 23:07 -------- d-----w- c:\program files\Ableton
2010-08-10 14:45 . 2010-07-08 00:37 -------- d-----w- c:\program files\iTunes
2010-08-10 14:42 . 2010-03-25 00:32 -------- d-----w- c:\program files\Common Files\Apple
2010-08-09 23:22 . 2010-05-03 15:13 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Nero
2010-08-09 23:22 . 2010-05-03 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-09 23:22 . 2010-05-03 15:04 -------- d-----w- c:\program files\Nero
2010-08-09 23:21 . 2010-05-03 15:04 -------- d-----w- c:\program files\Common Files\Nero
2010-08-09 23:11 . 2010-05-06 12:05 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-09 23:11 . 2010-05-06 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-08-09 23:05 . 2010-03-24 22:58 -------- d-----w- c:\program files\DivX
2010-08-09 23:02 . 2010-05-06 11:41 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-08-09 23:02 . 2010-05-06 11:41 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-08-08 13:13 . 2010-03-27 16:39 -------- d-----w- c:\program files\SopCast
2010-08-08 10:48 . 2010-03-25 13:04 -------- d-----w- c:\documents and settings\Richmanu\Application Data\BitTorrent
2010-08-03 23:18 . 2010-06-02 09:11 -------- d-----w- c:\documents and settings\Richmanu\Application Data\dvdcss
2010-07-27 12:56 . 2010-03-24 23:40 -------- d-----w- c:\program files\Steinberg
2010-07-21 17:53 . 2010-03-24 23:19 767928 ----a-w- c:\windows\BDTSupport.dll
2010-07-19 21:07 . 2010-07-19 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2010-07-15 02:18 . 2010-07-05 21:29 -------- d-----w- c:\program files\Elevayta Creativity Tools
2010-07-08 11:58 . 2010-04-14 11:27 -------- d-----w- c:\documents and settings\Richmanu\Application Data\PACE Anti-Piracy
2010-07-08 11:58 . 2010-04-14 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-07-08 11:56 . 2010-07-08 11:56 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Cycling '74
2010-07-08 11:35 . 2010-03-25 00:20 -------- d-----w- c:\program files\Cycling '74
2010-07-08 10:14 . 2010-06-19 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 00:32 . 2010-07-08 00:32 -------- d-----w- c:\program files\Bonjour
2010-07-05 21:53 . 2010-07-05 21:53 -------- d-----w- c:\documents and settings\Richmanu\Application Data\FabFilter
2010-07-05 21:53 . 2010-07-05 21:53 -------- d-----w- c:\program files\FabFilter
2010-07-05 19:28 . 2010-06-19 06:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 13:00 . 2010-06-27 13:00 52224 --sha-r- c:\windows\system32\adsldpw.dll
2010-06-25 05:15 . 2010-06-25 05:15 -------- d-----w- c:\documents and settings\Richmanu\Application Data\Xfer
2010-06-24 12:15 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 07:43 . 2010-06-19 07:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 07:01 . 2010-07-05 13:02 170990 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-19 06:58 . 2010-06-19 06:58 63488 ----a-w- c:\documents and settings\Richmanu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 06:58 . 2010-06-19 06:58 52224 ----a-w- c:\documents and settings\Richmanu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 06:58 . 2010-06-19 06:58 117760 ----a-w- c:\documents and settings\Richmanu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-03-24 22:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 00:21 . 2010-03-24 23:19 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-07 19:18 . 2010-06-07 19:18 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-07 19:17 . 2010-06-07 19:17 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-07 19:17 . 2010-06-07 19:17 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-07 19:17 . 2010-06-07 19:17 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-07 19:17 . 2010-06-07 19:17 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-27 14:17 . 2010-05-27 14:17 89831 ----a-w- c:\documents and settings\Richmanu\Application Data\Dropbox\bin\Uninstall.exe
2010-05-25 03:13 . 2010-05-25 03:13 503808 ----a-w- c:\documents and settings\Richmanu\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-647fd633-n\msvcp71.dll
2010-05-25 03:13 . 2010-05-25 03:13 499712 ----a-w- c:\documents and settings\Richmanu\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-647fd633-n\jmc.dll
2010-05-25 03:13 . 2010-05-25 03:13 348160 ----a-w- c:\documents and settings\Richmanu\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-647fd633-n\msvcr71.dll
2010-05-25 03:13 . 2010-05-25 03:13 61440 ----a-w- c:\documents and settings\Richmanu\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4a7ccb04-n\decora-sse.dll
2010-05-25 03:13 . 2010-05-25 03:13 12800 ----a-w- c:\documents and settings\Richmanu\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4a7ccb04-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Richmanu\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Richmanu\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Richmanu\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Richmanu^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\documents and settings\Richmanu\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Richmanu^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Richmanu\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-24 23:05 136176 ----atw- c:\documents and settings\Richmanu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-13 17:41 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 17:45 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 17:44 98304 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2010-06-09 18:22 1287120 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 14:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 17:30 282624 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-05 19:28 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-02-22 22:52 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"ERSvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate1cacba5a8442ac4"=2 (0x2)
"Bonjour Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"idsvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\Richmanu\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [25/03/2010 00:19 218592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [25/03/2010 00:19 112592]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [26/03/2010 14:41 27648]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [10/03/2010 08:18 24216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [25/03/2010 00:16 366840]
S4 gupdate1cacba5a8442ac4;Google Update Service (gupdate1cacba5a8442ac4);c:\program files\Google\Update\GoogleUpdate.exe [24/03/2010 23:59 133104]
S4 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04/05/2010 12:07 503080]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPOD_SERVICE
.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 22:58]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 22:58]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-527237240-725345543-1003Core.job
- c:\documents and settings\Richmanu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 23:05]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-527237240-725345543-1003UA.job
- c:\documents and settings\Richmanu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-24 23:05]

2010-08-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/postinstall/win/en
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Richmanu\Application Data\Mozilla\Firefox\Profiles\34qxdrvh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.nectar.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ourmark=1&ei=utf-8&fr=chr-nectar&slv8-&type=61465&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Richmanu\Application Data\Mozilla\Firefox\Profiles\34qxdrvh.default\extensions\{841468a1-d7f4-4bd3-84e6-bb0f13a06c64}\components\Engine.dll
FF - plugin: c:\documents and settings\Richmanu\Application Data\Mozilla\Firefox\Profiles\34qxdrvh.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Richmanu\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-EWABQAF7KL - c:\windows\Temp\Sx0.exe
MSConfigStartUp-IntelWireless - c:\program files\Intel\Wireless\Bin\ifrmewrk.exe
MSConfigStartUp-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-EMS Synth A VS VSTi v0.32 - c:\progra~1\STEINB~1\VSTPLU~1\EMSSYN~1\UNWISE.EXE
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-08-20 13:19:24
ComboFix-quarantined-files.txt 2010-08-20 12:19

Pre-Run: 99,936,124,928 bytes free
Post-Run: 99,910,443,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4C4285C3E443C43A3A3D52729B750078

0

How is the PC now?

I would advise to uninstall AskBar.

=====

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\windows\system32\drivers\ewusbfake.sys
C:\68944768422a0a15d7
C:\7e79da99b36a4ee271ac7d5beb5620

0

technically I dont use anything but chrome as my browser but yeah I will remove ask bar.

I'm still getting redirects to jsc.google-analytics and then random pages. mostly when I use twitter.

Jotti found nothing from c:\windows\system32\drivers\ewusbfake.sys

couldnt open the long string folder had to do each file individually, but then was stopped from doing too may checks from the same IP.

I will try again when I get back from work later.

Thanks again

Edited by Cosmonaut: n/a

0

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

================

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
0

Re:Bootkit. I hope this is right.. ctrl+c closed the window but left this file on the desktop.


.\debug.cpp(238) : Debug log started at 21.08.2010 - 08:19:56
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020d000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e4000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f87000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9f59000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f48000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba0b8000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xba4bc000 0x00003000 "compbatt.sys"
.\debug.cpp(256) : 0xba4c0000 0x00004000 "\WINDOWS\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0d8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f29000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba5ac000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xb9f03000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9eeb000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba338000 0x00008000 "cercsr6.sys"
.\debug.cpp(256) : 0xb9ed3000 0x00018000 "\WINDOWS\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0xba0f8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba108000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9ec1000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xb9e88000 0x00039000 "PCTCore.sys"
.\debug.cpp(256) : 0xba118000 0x0000a000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9e6a000 0x0001e000 "TPkd.sys"
.\debug.cpp(256) : 0xb9e53000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9dc6000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9d99000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xb9d7f000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xb9608000 0x00009000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0xb9d57000 0x00003000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0xb9d53000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0xb949a000 0x0014e000 "\SystemRoot\system32\DRIVERS\ialmnt5.sys"
.\debug.cpp(256) : 0xb9486000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xb945e000 0x00028000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0xb93ca000 0x00094000 "\SystemRoot\system32\DRIVERS\bcmwl5.sys"
.\debug.cpp(256) : 0xba410000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xb93a6000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba418000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb95f8000 0x00010000 "\SystemRoot\system32\DRIVERS\bcm4sbxp.sys"
.\debug.cpp(256) : 0xb95e8000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xb9392000 0x00014000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0xba138000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba420000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba428000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba148000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba430000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xba77f000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba158000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9d4f000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb937b000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba168000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba178000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba438000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb936a000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba188000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba440000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba448000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xb933a000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xba198000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5f2000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb9317000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xb92b9000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xb9a38000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba1a8000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xa90a3000 0x00110000 "\SystemRoot\system32\drivers\sthda.sys"
.\debug.cpp(256) : 0xa907f000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba1c8000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xa9045000 0x0003a000 "\SystemRoot\system32\DRIVERS\HSXHWAZL.sys"
.\debug.cpp(256) : 0xa8f4e000 0x000f7000 "\SystemRoot\system32\DRIVERS\HSX_DPV.sys"
.\debug.cpp(256) : 0xa8e98000 0x000b6000 "\SystemRoot\system32\DRIVERS\HSX_CNXT.sys"
.\debug.cpp(256) : 0xba450000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba1d8000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5fe000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xba600000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba6f1000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba602000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba470000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba604000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba606000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba478000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba480000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba560000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xa8e3d000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xa8de4000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xa8dbc000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xa8d96000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xa8d74000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba1e8000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xa8d52000 0x00022000 "\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
.\debug.cpp(256) : 0xba488000 0x00006000 "\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
.\debug.cpp(256) : 0xa8d27000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xa8cb7000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba228000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xba248000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xba258000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xba2d8000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xa8c77000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba65a000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xba590000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba390000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba746000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf020000 0x00022000 "\SystemRoot\System32\ialmdnt5.dll"
.\debug.cpp(256) : 0xbf012000 0x0000e000 "\SystemRoot\System32\ialmrnt5.dll"
.\debug.cpp(256) : 0xbf042000 0x00035000 "\SystemRoot\System32\ialmdev5.DLL"
.\debug.cpp(256) : 0xbf077000 0x000e2000 "\SystemRoot\System32\ialmdd5.DLL"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xa8b73000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xa883a000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xa87d5000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xa8c27000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xa8923000 0x00004000 "\SystemRoot\system32\DRIVERS\mdmxsdk.sys"
.\debug.cpp(256) : 0xa8730000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa841f000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPBDS_DVD+-RW_DS-8W1P____________________BD1B____#5&2c81f6de&1&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{D9468F07-8852-4DA9-BDAA-AA873EA12BB0}"
.\debug.cpp(400) : Destination="\Device\{D9468F07-8852-4DA9-BDAA-AA873EA12BB0}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskTOSHIBA_MK1637GSX_______________________DL040D__#5&19c84639&1&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2263344d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3932ba15&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000042"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{333A514E-2F27-45DB-8D01-E49A342AEFDE}"
.\debug.cpp(400) : Destination="\Device\{333A514E-2F27-45DB-8D01-E49A342AEFDE}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}"
.\debug.cpp(400) : Destination="\Device\{EDF0D0AD-039D-40F2-B0C4-2BE572B2B91E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&25e2ff18&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000005a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination="\Device\CompositeBattery"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination="\Device\00000041"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F8C27C8B-5AFA-4D27-A2FF-8D0DE93CA214}"
.\debug.cpp(400) : Destination="\Device\{F8C27C8B-5AFA-4D27-A2FF-8D0DE93CA214}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomPBDS_DVD+-RW_DS-8W1P____________________BD1B____#5&2c81f6de&1&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination="\Device\Winachsf0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_01BD1028&REV_01#3&61aaa01&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Conexant HDA D110 MDC V.92 Modem"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{f6c58c1f-7d44-4dd1-b240-dee24d44fd91}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02#4&2fe911e8&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0015"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}"
.\debug.cpp(400) : Destination="\Device\{33ED750B-C4C7-444F-8C8A-5748D8F5F3F9}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000031"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ConexantDiagnosticsServer"
.\debug.cpp(400) : Destination="\Device\ConexantDiagnosticsServer"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{725972BE-3B60-4092-93A8-301218BB7496}"
.\debug.cpp(400) : Destination="\Device\{725972BE-3B60-4092-93A8-301218BB7496}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A2&SUBSYS_01BD1028&REV_03#3&61aaa01&0&10#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature41AB2316Offset7E00Length2542978200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1180&DEV_0832&SUBSYS_01BD1028&REV_00#4&2fe911e8&0&08F0#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{ac7e9cf6-d199-450d-bedf-8a35b000442d}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THM_#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_01BD1028&REV_01#3&61aaa01&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{68f450d0-9f56-11df-9454-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CDF277A7-5FDC-4944-BD01-FB101BAA6F41}"
.\debug.cpp(400) : Destination="\Device\{CDF277A7-5FDC-4944-BD01-FB101BAA6F41}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HSF_MDMDevice0"
.\debug.cpp(400) : Destination="\Device\HSF_MDMDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900#4&2973568e&0&0102#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination="\Device\ARP1394"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_01BD1028&REV_01#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01#4&6c79fc5&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#4&25e2ff18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2CB0AE6D-366B-4095-BEBB-6B5665AD412E}"
.\debug.cpp(400) : Destination="\Device\{2CB0AE6D-366B-4095-BEBB-6B5665AD412E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000044"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{5f6b13e4-6814-4fb4-bf50-84cbb4297800}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_01BD1028&REV_01#3&61aaa01&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SASKUTIL"
.\debug.cpp(400) : Destination="\Device\SASKUTIL"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&1a83cd01&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_01BD1028&REV_01#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{27C516A6-D79B-40A8-B169-30F5E2569C79}"
.\debug.cpp(400) : Destination="\Device\{27C516A6-D79B-40A8-B169-30F5E2569C79}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900#4&2973568e&0&0102#{adb44c00-1b8d-11d4-8d5e-00a0c90d1c42}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#1c2f2070314fc000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000063"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27A6&SUBSYS_01BD1028&REV_03#3&61aaa01&0&11#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MICH_AZ0"
.\debug.cpp(400) : Destination="\Device\MICH_AZ0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination="\Device\LanmanRedirector"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TPkdDevice0"
.\debug.cpp(400) : Destination="\Device\TPkdDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_14#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000003d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_8384&DEV_7690&SUBSYS_102801BD&REV_1022#4&2973568e&0&0001#{ba0afe40-6d0a-4d2c-954f-6f7b82187a14}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0403969-7ABD-4D98-A029-A00BE2173433}"
.\debug.cpp(400) : Destination="\Device\{C0403969-7ABD-4D98-A029-A00BE2173433}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SABDIFSV"
.\debug.cpp(400) : Destination="\Device\SASDIFSV"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCTCoreDriver"
.\debug.cpp(400) : Destination="\Device\PCTCoreDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&10d90b96&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&27a8915e&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{ace9e66b-3784-11df-abf8-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;


GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:21 on 21/08/2010 (Richmanu)
Firefox version 3.6.8 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [07:55 06/08/2010]

C:\Documents and Settings\Richmanu\Application Data\Mozilla\Firefox\Profiles\34qxdrvh.default\extensions\
firefox@tvunetworks.com [13:18 08/08/2010]
staged-xpis [11:26 17/08/2010]
{20a82645-c095-46ed-80e3-08825760534b} [11:26 17/08/2010]
{841468a1-d7f4-4bd3-84e6-bb0f13a06c64} [07:58 06/08/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [22:03 25/04/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:26 15/08/2010]

-=E.O.F=-

0

Those look ok.

Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.

  • You will need to use Internet Explorer to complete this scan.
  • You will need to temporarily Disable your current Anti-virus program.
  • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
  • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

NOTE: If you are unable to complete the ESET scan, please try another from the list below:

Kaspersky Online Scanner Panda Active Scan Trend Micro HouseCall F-Secure Online Virus Scanner

0

as requested.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17080 (vista_gdr.100616-0452)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5ae104304e175345b958392fead4021d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-21 10:27:15
# local_time=2010-08-21 11:27:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1338251 1338251 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 251 251 0 0
# scanned=152252
# found=17
# cleaned=0
# scan_time=4641
C:\WINDOWS\system32\spool\prtprocs\w32x86\C93uOCE.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\CE793eIQ.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\cE931e.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\G79aA7.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\i17q3w79.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\i793qG.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\IQ31c9s.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ55c.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\IQG55.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\K317wS1e9.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\k7y317.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\S79s1e.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\s7eIQG.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\U317a3kUO.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\y179m1gM.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\Y17o3o79.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\y31o93179.dll a variant of Win32/Kryptik.FIX trojan 00000000000000000000000000000000 I

0

I'm out for the rest of the day. so I will back on here tomorrow.

thank you so very much for taking time out to help. its very much appreciated.

0

After deleting I still got re directs, so I did another scan with ESET and it found 18 more threats. which I cleaned.


C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0015ce Win32/Koobface.NDI worm cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013961.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013962.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013963.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013964.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013965.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013966.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013967.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013968.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013969.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013970.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013971.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013972.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013973.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013974.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013975.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013976.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{852EB477-BF53-4E63-9776-4B36050D1813}\RP51\A0013977.dll a variant of Win32/Kryptik.FIX trojan cleaned by deleting - quarantined

0

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
0

2010/08/23 14:58:21.0656 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/23 14:58:21.0656 ================================================================================
2010/08/23 14:58:21.0656 SystemInfo:
2010/08/23 14:58:21.0656
2010/08/23 14:58:21.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/23 14:58:21.0656 Product type: Workstation
2010/08/23 14:58:21.0656 ComputerName: SLR3000
2010/08/23 14:58:21.0656 UserName: Richmanu
2010/08/23 14:58:21.0656 Windows directory: C:\WINDOWS
2010/08/23 14:58:21.0656 System windows directory: C:\WINDOWS
2010/08/23 14:58:21.0656 Processor architecture: Intel x86
2010/08/23 14:58:21.0656 Number of processors: 2
2010/08/23 14:58:21.0656 Page size: 0x1000
2010/08/23 14:58:21.0656 Boot type: Normal boot
2010/08/23 14:58:21.0656 ================================================================================
2010/08/23 14:58:22.0031 Initialize success
2010/08/23 14:58:27.0171 ================================================================================
2010/08/23 14:58:27.0171 Scan started
2010/08/23 14:58:27.0171 Mode: Manual;
2010/08/23 14:58:27.0171 ================================================================================
2010/08/23 14:58:29.0171 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/23 14:58:29.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/23 14:58:29.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/23 14:58:29.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/23 14:58:29.0781 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/23 14:58:29.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/23 14:58:29.0937 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/23 14:58:29.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/23 14:58:30.0046 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/23 14:58:30.0203 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/08/23 14:58:30.0281 bcm4sbxp (6489310d11971f6ba6c7f49be0baf6e0) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/08/23 14:58:30.0328 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/23 14:58:30.0656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/23 14:58:30.0718 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/23 14:58:30.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/23 14:58:30.0843 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/23 14:58:30.0906 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/23 14:58:30.0953 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/08/23 14:58:31.0109 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/08/23 14:58:31.0140 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/08/23 14:58:31.0250 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/23 14:58:31.0312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/23 14:58:31.0390 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/23 14:58:31.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/23 14:58:31.0562 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/23 14:58:31.0640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/23 14:58:31.0703 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/23 14:58:31.0765 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/23 14:58:31.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/23 14:58:31.0937 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/23 14:58:31.0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/23 14:58:32.0046 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/23 14:58:32.0062 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/23 14:58:32.0125 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/23 14:58:32.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/23 14:58:32.0343 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/23 14:58:32.0375 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/23 14:58:32.0515 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2010/08/23 14:58:32.0656 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2010/08/23 14:58:32.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/23 14:58:32.0796 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/08/23 14:58:32.0906 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/23 14:58:33.0015 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/08/23 14:58:33.0203 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/23 14:58:33.0312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/23 14:58:33.0343 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/23 14:58:33.0406 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/23 14:58:33.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/23 14:58:33.0484 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/23 14:58:33.0609 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/23 14:58:33.0656 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/23 14:58:33.0703 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/23 14:58:33.0765 ivusb (339dea550cc17283d6fd689ac7e67c57) C:\WINDOWS\system32\DRIVERS\ivusb.sys
2010/08/23 14:58:33.0812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/23 14:58:33.0875 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/23 14:58:33.0906 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/23 14:58:34.0062 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/08/23 14:58:34.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/23 14:58:34.0187 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/23 14:58:34.0234 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/23 14:58:34.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/23 14:58:34.0390 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/23 14:58:34.0468 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/23 14:58:34.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/23 14:58:34.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/23 14:58:34.0718 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/23 14:58:34.0750 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/23 14:58:34.0781 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/23 14:58:34.0843 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/23 14:58:34.0906 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/23 14:58:34.0968 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/23 14:58:35.0062 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/23 14:58:35.0140 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/23 14:58:35.0171 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/23 14:58:35.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/23 14:58:35.0281 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/23 14:58:35.0328 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/23 14:58:35.0375 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/23 14:58:35.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/23 14:58:35.0484 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/23 14:58:35.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/23 14:58:35.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/23 14:58:35.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/23 14:58:35.0875 NvnUsbAudio (8dd29b418c65aca68b461c667287ebaf) C:\WINDOWS\system32\DRIVERS\nvnusbaudio.sys
2010/08/23 14:58:35.0968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/23 14:58:35.0984 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/23 14:58:36.0046 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/23 14:58:36.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/08/23 14:58:36.0140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/23 14:58:36.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/23 14:58:36.0250 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/23 14:58:36.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/23 14:58:36.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/23 14:58:36.0421 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys
2010/08/23 14:58:36.0718 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/23 14:58:36.0734 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/23 14:58:36.0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/23 14:58:36.0843 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/23 14:58:36.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/23 14:58:37.0046 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/23 14:58:37.0156 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/23 14:58:37.0203 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/23 14:58:37.0250 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/23 14:58:37.0281 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/23 14:58:37.0343 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/23 14:58:37.0484 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/23 14:58:37.0531 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/23 14:58:37.0703 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/23 14:58:37.0781 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/23 14:58:37.0875 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/08/23 14:58:38.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/23 14:58:38.0046 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/08/23 14:58:38.0093 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/23 14:58:38.0171 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/23 14:58:38.0296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/23 14:58:38.0375 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/23 14:58:38.0437 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/23 14:58:38.0531 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/23 14:58:38.0687 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/23 14:58:38.0781 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/23 14:58:38.0828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/23 14:58:38.0937 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/23 14:58:39.0015 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/23 14:58:39.0125 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/23 14:58:39.0187 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/23 14:58:39.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/23 14:58:39.0328 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2010/08/23 14:58:39.0625 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/23 14:58:39.0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/23 14:58:39.0906 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/23 14:58:39.0921 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/23 14:58:39.0953 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/23 14:58:40.0015 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/23 14:58:40.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/23 14:58:40.0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/23 14:58:40.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/23 14:58:40.0250 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/23 14:58:40.0312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/23 14:58:40.0406 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/23 14:58:40.0484 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2010/08/23 14:58:40.0578 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/08/23 14:58:40.0656 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/23 14:58:40.0718 ================================================================================
2010/08/23 14:58:40.0718 Scan finished
2010/08/23 14:58:40.0718 ================================================================================

0

I'm having the same problem/virus if you can help me crunchie

Not in this thread, sorry. You need to read the sticky at the top of the forum and then start your own thread please.

0

Hi, .

Sorry for the slow response, my internet keeps disappearing. I dont think it's related to this spyware issue. that, and I have been out for most of the weekend.

Yes I keep getting redirects. Still mainly off Twitter, when I'm linking to somewhere else. But to be honest its still fairly random where it goes. The worst is when it just loads up a blank page, and will do nothing but re load a blank page. I have to leave it and come back. Whatever it is, is certainly a tricky bugger!

Its driving me nuts :(

0

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

0

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F87000 fltmgr.sys
0xB9F59000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F48000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F29000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F03000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9EEB000 atapi.sys
0xBA338000 cercsr6.sys
0xB9ED3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EC1000 sr.sys
0xB9E88000 PCTCore.sys
0xBA118000 PxHelp20.sys
0xB9E6A000 TPkd.sys
0xB9E53000 KSecDD.sys
0xB9DC6000 Ntfs.sys
0xB9D99000 NDIS.sys
0xB9D7F000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9D5B000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB9D57000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB94C9000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB94B5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB948D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB93F9000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB93D5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA158000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xBA168000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB93C1000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA178000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA420000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA428000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA188000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA430000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA6A5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D53000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB93AA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA438000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9399000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA440000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA448000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9369000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA60A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9346000 \SystemRoot\system32\DRIVERS\ks.sys
0xB92E8000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA90D2000 \SystemRoot\system32\drivers\sthda.sys
0xA90AE000 \SystemRoot\system32\drivers\portcls.sys
0xBA218000 \SystemRoot\system32\drivers\drmk.sys
0xA9074000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xA8F7D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xA8EC7000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA450000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA228000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA61C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA61E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA79C000 \SystemRoot\System32\Drivers\Null.SYS
0xBA620000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA470000 \SystemRoot\System32\drivers\vga.sys
0xBA622000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA624000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA480000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA570000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8E6C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8E13000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8DEB000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8DC5000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8DA3000 \SystemRoot\System32\drivers\afd.sys
0xBA238000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8D81000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA488000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8D56000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8CE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA268000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA298000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xA8CAD000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA8C95000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5B2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8CCA000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA390000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6A8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA8B99000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA88F8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8959000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA87A3000 \SystemRoot\system32\drivers\wdmaud.sys
0xA88B8000 \SystemRoot\system32\drivers\sysaudio.sys
0xA874C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA834D000 \SystemRoot\System32\Drivers\HTTP.sys
0xA818D000 \SystemRoot\system32\DRIVERS\secdrv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
780 C:\WINDOWS\system32\smss.exe
836 csrss.exe
860 C:\WINDOWS\system32\winlogon.exe
904 C:\WINDOWS\system32\services.exe
916 C:\WINDOWS\system32\lsass.exe
1080 C:\WINDOWS\system32\svchost.exe
1156 svchost.exe
1196 C:\WINDOWS\system32\svchost.exe
1316 svchost.exe
1344 svchost.exe
1476 C:\WINDOWS\system32\WLTRYSVC.EXE
1496 C:\WINDOWS\system32\BCMWLTRY.EXE
1608 C:\WINDOWS\system32\spoolsv.exe
1724 svchost.exe
1760 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
316 C:\WINDOWS\explorer.exe
820 alg.exe
1120 C:\WINDOWS\system32\WLTRAY.EXE
3636 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
492 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3368 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
660 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2192 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
280 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
188 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1180 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2064 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
312 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1132 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
3080 C:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe
3012 C:\Documents and Settings\Richmanu\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
2616 C:\Documents and Settings\Richmanu\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL040D

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

0

Please delete the version of combofix that is on your pc now and then download it again from the link I provided earlier.

============

1. Please open Notepad Click Start , then Run
Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
c:\windows\temp\Sxr.exe
c:\windows\temp\Sx8.exe
c:\windows\temp\Sxx.exe
c:\windows\temp\Sxw.exe

Domains::

ADS::


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter youre-enable all the programs that were disabled during the running of ComboFix:Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

===========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Edited by crunchie: n/a

Attachments CFScript.gif 27.09 KB
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.