stayley
Honorary Members, 42 posts

Everything posted by stayley

  1. I am getting an error when running the Kaspersky scanner:

     Update has failed. The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky online scanner 7.- and scanning of your computer requires uninterrupted internet connection. Please make sure that the internet connection is established. [error: license has expired]

     I am downloading the free trial of Internet Security 2011 & will post the log from it.
  2. File attached, finally; sorry for the delay. Thank you for all your help. I'm getting browser redirects and popups like crazy now.

     Attached: ark1.txt
  3. GMER 1.0.15.15530 - http://www.gmer.net
     Rootkit scan 2010-12-03 09:50:21
     Windows 5.1.2600 Service Pack 3
     Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2100BH_PL rev.00000029
     Running: 8efp5l4w.exe; Driver: C:\DOCUME~1\stephen\LOCALS~1\Temp\pxtdypoc.sys

     ---- System - GMER 1.0.15 ----
     SSDT F7C4F2E6 ZwCreateKey
     SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xF7B56700]
     SSDT F7C4F2DC ZwCreateThread
     SSDT F7C4F2EB ZwDeleteKey
     SSDT F7C4F2F5 ZwDeleteValueKey
     SSDT F7C4F2FA ZwLoadKey
     SSDT F7C4F2C8 ZwOpenProcess
     SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA7E9E7E0]
     SSDT F7C4F2CD ZwOpenThread
     SSDT F7C4F304 ZwReplaceKey
     SSDT F7C4F2FF ZwRestoreKey
     SSDT F7C4F2F0 ZwSetValueKey
     SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA7E9E70E]

     ---- Kernel code sections - GMER 1.0.15 ----
     ? system32\drivers\dwprot.sys The system cannot find the path specified. !
     ? C:\DOCUME~1\stephen\LOCALS~1\Temp\45cXDpBS.sys The system cannot find the file specified. !

     ---- User code sections - GMER 1.0.15 ----
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
     .text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

     ---- Devices - GMER 1.0.15 ----
     Device \FileSystem\Ntfs \Ntfs 86B6B400
     Device \FileSystem\Ntfs \Ntfs 86AF97B0
     Device \FileSystem\Ntfs \Ntfs 86E50410
     Device \FileSystem\Ntfs \Ntfs 86C2A548
     Device \FileSystem\Ntfs \Ntfs 860A59E8
     Device \FileSystem\Ntfs \Ntfs 86158AD0
     AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys
     AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys
     AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys
     AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys
     AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys

     ---- EOF - GMER 1.0.15 ----
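The GMER log above mixes three kinds of record that need different handling: SSDT entries whose owning driver GMER could name (esgiguard.sys, which its own path shows is SpyHunter's, and dwprot.sys), SSDT entries for which it could only print a target address, and inline patches to ntdll.dll inside each chrome.exe process. The script below is an added example, not part of the post or of GMER. It parses those record types and groups them the way an analyst would read them: named owners by driver, unattributed addresses by 4 KiB page (several hooks landing on one page almost certainly come from one module; here every bare address falls in page 0xF7C4F000), and inline patches by process. Two assumptions are built in and labelled in the code: KNOWN_OWNERS treats dwprot.sys as Dr.Web's protection driver, and inline ntdll patches confined to chrome.exe are taken as Chrome's own sandbox interceptions rather than a finding. The sample log is a constructed subset of the lines in the post.

```python
"""Triage a GMER rootkit-scan log: attribute SSDT hooks and user-mode inline
patches to their owners (added example; not part of the forum post or of GMER)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the GMER log in the post,
# cut down to one or two records of each kind.
SAMPLE_LOG = r"""
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-03 09:50:21
---- System - GMER 1.0.15 ----
SSDT F7C4F2E6 ZwCreateKey
SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xF7B56700]
SSDT F7C4F2C8 ZwOpenProcess
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA7E9E7E0]
SSDT F7C4F304 ZwReplaceKey
---- Kernel code sections - GMER 1.0.15 ----
? C:\DOCUME~1\stephen\LOCALS~1\Temp\45cXDpBS.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[244] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys
---- EOF - GMER 1.0.15 ----
"""

# One regex per GMER record type; all hex is upper-case in GMER output but re.I costs nothing.
SSDT_NAMED = re.compile(r"^SSDT\s+(?P<module>\S.*?\.sys)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]$", re.I)
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)$", re.I)
INLINE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<func>\S+!\w+)\s+\+\s+"
                    r"(?P<off>[0-9A-F]+)\s+(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$", re.I)
MISSING = re.compile(r"^\?\s+(?P<path>.+?)\s+The system cannot find", re.I)
ATTACHED = re.compile(r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)$", re.I)

# Hook owners already accounted for. esgiguard.sys is SpyHunter's (the path in the
# log says so); attributing dwprot.sys to Dr.Web is an analyst assumption.
KNOWN_OWNERS = {"esgiguard.sys", "dwprot.sys"}


def parse_gmer(text):
    """Split a GMER log into the record types that matter for hook triage."""
    rep = {"ssdt": [], "inline": [], "missing": [], "attached": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_NAMED.match(line):
            rep["ssdt"].append({"func": m["func"], "module": m["module"], "addr": int(m["addr"], 16)})
        elif m := SSDT_BARE.match(line):
            rep["ssdt"].append({"func": m["func"], "module": None, "addr": int(m["addr"], 16)})
        elif m := INLINE.match(line):
            rep["inline"].append({"image": m["image"], "pid": int(m["pid"]), "func": m["func"],
                                  "offset": int(m["off"], 16), "addr": int(m["addr"], 16),
                                  "size": int(m["size"]), "patch": m["patch"]})
        elif m := MISSING.match(line):
            rep["missing"].append(m["path"])
        elif m := ATTACHED.match(line):
            rep["attached"].append((m["driver"], m["device"], m["owner"]))
    return rep


def ssdt_owners(rep):
    """Group SSDT hooks by owning driver basename. Hooks GMER could not attribute
    are grouped by the 4 KiB page of their target address instead."""
    owners = defaultdict(list)
    for h in rep["ssdt"]:
        key = (h["module"].rsplit("\\", 1)[-1].lower() if h["module"]
               else f"unattributed@0x{h['addr'] & ~0xFFF:08X}")
        owners[key].append(h["func"])
    return {k: sorted(v) for k, v in owners.items()}


def inline_hooks_by_process(rep):
    """Map (image basename, pid) -> sorted list of patched exports."""
    per = defaultdict(set)
    for h in rep["inline"]:
        per[(h["image"].rsplit("\\", 1)[-1].lower(), h["pid"])].add(h["func"])
    return {k: sorted(v) for k, v in per.items()}


def findings(rep):
    """What an analyst should run down: SSDT hooks by anything not yet accounted for,
    kernel modules referenced from a Temp directory, and inline patches in any
    image other than chrome.exe (Chrome's sandbox patches ntdll in its own processes)."""
    out = [f"SSDT hooks by {owner}: {', '.join(funcs)}"
           for owner, funcs in ssdt_owners(rep).items() if owner not in KNOWN_OWNERS]
    out += [f"kernel module referenced from Temp: {p}" for p in rep["missing"] if "\\temp\\" in p.lower()]
    out += [f"inline ntdll patches in {img}[{pid}]"
            for (img, pid) in inline_hooks_by_process(rep) if img != "chrome.exe"]
    return out


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    for owner, funcs in ssdt_owners(rep).items():
        print(f"{owner}: {', '.join(funcs)}")
    for (img, pid), funcs in inline_hooks_by_process(rep).items():
        print(f"{img}[{pid}]: {len(funcs)} inline patch(es)")
    for item in findings(rep):
        print("CHECK:", item)
```

Run against the full log in the post, the unattributed group collects all eleven bare-address SSDT entries on page 0xF7C4F000; the practical next step is to match that page against the kernel-module base addresses in an MBRCheck or driver listing taken on the same boot.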
  4. I've been trying to cut & paste the results of the last scan, but the site keeps freezing up on me. I've attached the results to this post.

     Attached: CureIt.log
  5. MBRCheck, version 1.2.3
     © 2010, AD
     Command-line:
     Windows Version: Windows XP Home Edition
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000001c

     Kernel Drivers (total 141):
     0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
     0x806D0000 \WINDOWS\system32\hal.dll
     0xF7B3E000 \WINDOWS\system32\KDCOM.DLL
     0xF7A4E000 \WINDOWS\system32\BOOTVID.dll
     0xF750F000 ACPI.sys
     0xF7B40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
     0xF74FE000 pci.sys
     0xF763E000 isapnp.sys
     0xF764E000 ohci1394.sys
     0xF765E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
     0xF7A52000 compbatt.sys
     0xF7A56000 \WINDOWS\system32\DRIVERS\BATTC.SYS
     0xF7C06000 pciide.sys
     0xF78BE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
     0xF7B42000 intelide.sys
     0xF74E0000 pcmcia.sys
     0xF766E000 MountMgr.sys
     0xF74C1000 ftdisk.sys
     0xF7A5A000 ACPIEC.sys
     0xF7C07000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
     0xF78C6000 PartMgr.sys
     0xF767E000 VolSnap.sys
     0xF74A9000 atapi.sys
     0xF768E000 disk.sys
     0xF769E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     0xF7489000 fltmgr.sys
     0xF76AE000 PxHelp20.sys
     0xF7472000 KSecDD.sys
     0xF745F000 WudfPf.sys
     0xF73D2000 Ntfs.sys
     0xF73A5000 NDIS.sys
     0xF738B000 Mup.sys
     0xF6E9A000 \SystemRoot\system32\DRIVERS\intelppm.sys
     0xF7B1A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
     0xF6B0F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
     0xF6AFB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
     0xF6AD3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
     0xF799E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
     0xF6AAF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
     0xF79A6000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0xF6A9C000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
     0xF6E8A000 \SystemRoot\system32\DRIVERS\nic1394.sys
     0xF6A7F000 \SystemRoot\system32\drivers\tifmsony.sys
     0xF675C000 \SystemRoot\system32\DRIVERS\w29n51.sys
     0xF79AE000 \SystemRoot\System32\Drivers\SonyNC.sys
     0xF6E7A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
     0xF79B6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
     0xF6742000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
     0xF79BE000 \SystemRoot\system32\DRIVERS\mouclass.sys
     0xF6E6A000 \SystemRoot\system32\DRIVERS\imapi.sys
     0xF7B22000 \SystemRoot\system32\drivers\pfc.sys
     0xF6E5A000 \SystemRoot\system32\DRIVERS\cdrom.sys
     0xF777E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
     0xF7CB0000 \SystemRoot\system32\DRIVERS\audstub.sys
     0xF778E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
     0xF7B26000 \SystemRoot\system32\DRIVERS\ndistapi.sys
     0xF672B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
     0xF779E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
     0xF77AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
     0xF79C6000 \SystemRoot\system32\DRIVERS\TDI.SYS
     0xF671A000 \SystemRoot\system32\DRIVERS\psched.sys
     0xF77BE000 \SystemRoot\system32\DRIVERS\msgpc.sys
     0xF79CE000 \SystemRoot\system32\DRIVERS\ptilink.sys
     0xF79D6000 \SystemRoot\system32\DRIVERS\raspti.sys
     0xF77CE000 \SystemRoot\System32\Drivers\pcouffin.sys
     0xF77DE000 \SystemRoot\system32\DRIVERS\termdd.sys
     0xF7B7C000 \SystemRoot\system32\DRIVERS\swenum.sys
     0xF66C3000 \SystemRoot\system32\DRIVERS\ks.sys
     0xF6665000 \SystemRoot\system32\DRIVERS\update.sys
     0xF7B3A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
     0xF77EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0xAA3E2000 \SystemRoot\system32\drivers\RtkHDAud.sys
     0xAA3BE000 \SystemRoot\system32\drivers\portcls.sys
     0xF780E000 \SystemRoot\system32\drivers\drmk.sys
     0xAA38C000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
     0xAA298000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
     0xAA1E7000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
     0xF79DE000 \SystemRoot\System32\Drivers\Modem.SYS
     0xF782E000 \SystemRoot\system32\DRIVERS\usbhub.sys
     0xF7B80000 \SystemRoot\system32\DRIVERS\USBD.SYS
     0xF7B82000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
     0xF7C30000 \SystemRoot\System32\Drivers\Null.SYS
     0xF7B84000 \SystemRoot\System32\Drivers\Beep.SYS
     0xF79FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0xF7A06000 \SystemRoot\System32\drivers\vga.sys
     0xF7B86000 \SystemRoot\System32\Drivers\mnmdd.SYS
     0xF7B88000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
     0xF7A0E000 \SystemRoot\System32\Drivers\Msfs.SYS
     0xF7A16000 \SystemRoot\System32\Drivers\Npfs.SYS
     0xF7AE2000 \SystemRoot\system32\DRIVERS\rasacd.sys
     0xAA18C000 \SystemRoot\system32\DRIVERS\ipsec.sys
     0xAA133000 \SystemRoot\system32\DRIVERS\tcpip.sys
     0xAA10B000 \SystemRoot\system32\DRIVERS\netbt.sys
     0xAA0E9000 \SystemRoot\System32\drivers\afd.sys
     0xF783E000 \SystemRoot\system32\DRIVERS\netbios.sys
     0xF7A1E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
     0xAA0BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
     0xAA04E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
     0xF785E000 \SystemRoot\System32\Drivers\Fips.SYS
     0xAA028000 \SystemRoot\system32\DRIVERS\ipnat.sys
     0xF786E000 \SystemRoot\system32\DRIVERS\wanarp.sys
     0xF787E000 \SystemRoot\system32\DRIVERS\arp1394.sys
     0xF7D6C000 \SystemRoot\system32\DRIVERS\DMICall.sys
     0xA9F12000 \SystemRoot\system32\DRIVERS\avipbb.sys
     0xF7B92000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
     0xF6C1C000 \SystemRoot\System32\Drivers\ASPI32.SYS
     0xA9E96000 \SystemRoot\System32\Drivers\usbvm321.sys
     0xF771E000 \SystemRoot\System32\Drivers\STREAM.SYS
     0xF78E6000 \SystemRoot\System32\Drivers\USBCAMD2.SYS
     0xF78EE000 \SystemRoot\system32\DRIVERS\SonyImgF.sys
     0xF78F6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
     0xF7AF6000 \SystemRoot\system32\DRIVERS\hidusb.sys
     0xF772E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     0xF7AFA000 \SystemRoot\system32\DRIVERS\mouhid.sys
     0xF7B06000 \SystemRoot\system32\DRIVERS\kbdhid.sys
     0xF776E000 \SystemRoot\System32\Drivers\Cdfs.SYS
     0xA9E7E000 \SystemRoot\System32\Drivers\dump_atapi.sys
     0xF7BA4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
     0xBF800000 \SystemRoot\System32\win32k.sys
     0xF7ADE000 \SystemRoot\System32\drivers\Dxapi.sys
     0xF792E000 \SystemRoot\System32\watchdog.sys
     0xBF000000 \SystemRoot\System32\drivers\dxg.sys
     0xF7D3F000 \SystemRoot\System32\drivers\dxgthk.sys
     0xBF020000 \SystemRoot\System32\ialmdnt5.dll
     0xBF012000 \SystemRoot\System32\ialmrnt5.dll
     0xBF041000 \SystemRoot\System32\ialmdev5.DLL
     0xBF075000 \SystemRoot\System32\ialmdd5.DLL
     0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
     0xA9D29000 \SystemRoot\system32\DRIVERS\avgntflt.sys
     0xA9CF5000 \SystemRoot\system32\DRIVERS\AegisP.sys
     0xA9CE9000 \SystemRoot\system32\DRIVERS\s24trans.sys
     0xA9CC1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
     0xA998C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
     0xA994F000 \SystemRoot\system32\drivers\wdmaud.sys
     0xA9BE9000 \SystemRoot\system32\drivers\sysaudio.sys
     0xA92F6000 \SystemRoot\System32\Drivers\HTTP.sys
     0xA9226000 \SystemRoot\system32\DRIVERS\srv.sys
     0xA9403000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
     0xF7BD4000 \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
     0xA8932000 \SystemRoot\system32\drivers\kmixer.sys
     0x7C900000 \WINDOWS\system32\ntdll.dll

     Processes (total 68):
     0 System Idle Process
     4 System
     640 C:\WINDOWS\system32\smss.exe
     688 csrss.exe
     712 C:\WINDOWS\system32\winlogon.exe
     760 C:\WINDOWS\system32\services.exe
     772 C:\WINDOWS\system32\lsass.exe
     936 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
     948 C:\WINDOWS\system32\svchost.exe
     1004 svchost.exe
     1096 C:\WINDOWS\system32\svchost.exe
     1128 C:\WINDOWS\system32\svchost.exe
     1284 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     1432 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     1452 C:\WINDOWS\explorer.exe
     1500 svchost.exe
     1620 svchost.exe
     1888 C:\WINDOWS\system32\BRSVC01A.EXE
     1908 C:\WINDOWS\system32\BRSS01A.EXE
     1916 C:\WINDOWS\system32\spoolsv.exe
     1960 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     2024 svchost.exe
     584 C:\Program Files\Apoint\Apoint.exe
     360 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
     660 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
     676 C:\Program Files\Java\jre6\bin\jusched.exe
     672 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
     720 C:\WINDOWS\RTHDCPL.EXE
     892 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
     956 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
     1048 C:\WINDOWS\system32\igfxpers.exe
     1056 C:\WINDOWS\system32\hkcmd.exe
     1168 C:\Program Files\iTunes\iTunesHelper.exe
     1224 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
     1244 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     1364 C:\Program Files\Google\Gmail Notifier\gnotify.exe
     1380 C:\Program Files\Windows Media Player\wmpnscfg.exe
     1568 C:\WINDOWS\system32\ctfmon.exe
     152 C:\Program Files\Apoint\ApntEx.exe
     416 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     432 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     452 C:\Program Files\Bonjour\mDNSResponder.exe
     1156 C:\WINDOWS\system32\svchost.exe
     616 C:\Program Files\Java\jre6\bin\jqs.exe
     1944 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
     1592 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     1556 C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
     2256 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     2460 C:\WINDOWS\system32\svchost.exe
     2576 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
     2640 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
     2884 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
     3032 wmpnetwk.exe
     3264 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
     3544 igfxext.exe
     3644 igfxsrvc.exe
     448 C:\Program Files\iPod\bin\iPodService.exe
     2268 alg.exe
     3360 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     3652 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     3664 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     3736 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     3916 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     2712 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     3804 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
     664 C:\Program Files\iTunes\iTunes.exe
     4032 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     1756 C:\Documents and Settings\stephen\Desktop\Virus Cleaning\MBRCheck (1).exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)

     PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 00000029

     Size Device Name MBR Status
     --------------------------------------------
     93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
     SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

     Done!
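An MBRCheck report is long enough that the useful signals get buried: drivers loaded by absolute \??\ path from outside the system directory (here Avira's avgio.sys and SpyHunter's esgiguard.sys, both of which have matching processes in the list), processes running from the user profile, the MBR verdict and its hash, and what changed between two runs of the tool. The script below is an added example, not part of the post or of MBRCheck. It parses the Kernel Drivers and Processes sections and the MBR status line, applies those checks, and diffs the driver set of two runs by basename, since load addresses shift between boots. The first sample is a constructed excerpt of the report above; the second is the same excerpt with one driver swapped so the diff has something to show.

```python
"""Triage MBRCheck output: out-of-system-directory drivers, processes in the user
profile, the MBR verdict, and a driver diff between two runs
(added example; not part of the post or of MBRCheck)."""
import re

# Constructed sample: an excerpt of the MBRCheck report in the post, cut to a few entries.
RUN_A = r"""
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Kernel Drivers (total 5):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xF750F000 ACPI.sys
0xF7B92000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF6C1C000 \SystemRoot\System32\Drivers\ASPI32.SYS
0xF7BD4000 \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
Processes (total 4):
0 System Idle Process
712 C:\WINDOWS\system32\winlogon.exe
3360 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
1756 C:\Documents and Settings\stephen\Desktop\Virus Cleaning\MBRCheck (1).exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 00000029
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
"""
# Second constructed run: identical except one driver swapped, to exercise the diff.
RUN_B = RUN_A.replace("0xF6C1C000 \\SystemRoot\\System32\\Drivers\\ASPI32.SYS",
                      "0xF7BC8000 \\SystemRoot\\System32\\Drivers\\dump_WMILIB.SYS")

DRIVER = re.compile(r"^(0x[0-9A-Fa-f]{8})\s+(.+)$")
PROCESS = re.compile(r"^(\d+)\s+(.+)$")
MBR_STATUS = re.compile(r"^(\d+ [GMT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+)$")
SHA1 = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")
# Prefixes (lower-cased) under which Windows' own drivers live.
SYSTEM_PREFIXES = ("\\windows\\system32\\", "\\systemroot\\system32\\")


def parse_mbrcheck(text):
    """Walk the report section by section; the process list ends where the
    volume/MBR summary (lines starting with \\\\.\\) begins."""
    rep = {"drivers": [], "processes": [], "mbr_status": None, "mbr_sha1": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Kernel Drivers (total"):
            section = "drivers"
        elif line.startswith("Processes (total"):
            section = "processes"
        elif line.startswith("\\\\.\\"):
            section = None
        elif section == "drivers" and (m := DRIVER.match(line)):
            rep["drivers"].append((int(m[1], 16), m[2]))
        elif section == "processes" and (m := PROCESS.match(line)):
            rep["processes"].append((int(m[1]), m[2]))
        elif m := MBR_STATUS.match(line):
            rep["mbr_status"] = m[3]
        elif m := SHA1.match(line):
            rep["mbr_sha1"] = m[1].upper()
    return rep


def drivers_outside_system_dirs(rep):
    r"""Drivers whose recorded path is not under the system directory, e.g. the
    \??\C:\Program Files\... loads. Boot-start drivers that MBRCheck lists by bare
    name (ACPI.sys) carry no path and are skipped."""
    return [(addr, path) for addr, path in rep["drivers"]
            if "\\" in path and not path.lower().startswith(SYSTEM_PREFIXES)]


def processes_in_user_profile(rep):
    """Processes running from under Documents and Settings (user-writable on XP)."""
    return [(pid, path) for pid, path in rep["processes"]
            if "\\documents and settings\\" in path.lower()]


def driver_diff(rep_a, rep_b):
    """Driver basenames present in only one of two runs: (only_in_a, only_in_b)."""
    def names(rep):
        return {path.rsplit("\\", 1)[-1].lower() for _, path in rep["drivers"]}
    a, b = names(rep_a), names(rep_b)
    return a - b, b - a


if __name__ == "__main__":
    a, b = parse_mbrcheck(RUN_A), parse_mbrcheck(RUN_B)
    print("MBR:", a["mbr_status"], a["mbr_sha1"])
    for addr, path in drivers_outside_system_dirs(a):
        print(f"driver outside system dir: 0x{addr:08X} {path}")
    for pid, path in processes_in_user_profile(a):
        print(f"process in user profile: {pid} {path}")
    gone, new = driver_diff(a, b)
    print("drivers only in run A:", sorted(gone), "only in run B:", sorted(new))
```

The diff is by basename on purpose: between the two runs posted here most drivers kept their names but moved to different load addresses, so an address-based comparison would report almost everything as changed.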
  6. MBRCheck, version 1.2.3
     © 2010, AD
     Command-line:
     Windows Version: Windows XP Home Edition
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000001c

     Kernel Drivers (total 141):
     0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
     0x806D0000 \WINDOWS\system32\hal.dll
     0xF7B3E000 \WINDOWS\system32\KDCOM.DLL
     0xF7A4E000 \WINDOWS\system32\BOOTVID.dll
     0xF750F000 ACPI.sys
     0xF7B40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
     0xF74FE000 pci.sys
     0xF763E000 isapnp.sys
     0xF764E000 ohci1394.sys
     0xF765E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
     0xF7A52000 compbatt.sys
     0xF7A56000 \WINDOWS\system32\DRIVERS\BATTC.SYS
     0xF7C06000 pciide.sys
     0xF78BE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
     0xF7B42000 intelide.sys
     0xF74E0000 pcmcia.sys
     0xF766E000 MountMgr.sys
     0xF74C1000 ftdisk.sys
     0xF7A5A000 ACPIEC.sys
     0xF7C07000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
     0xF78C6000 PartMgr.sys
     0xF767E000 VolSnap.sys
     0xF74A9000 atapi.sys
     0xF768E000 disk.sys
     0xF769E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     0xF7489000 fltmgr.sys
     0xF76AE000 PxHelp20.sys
     0xF7472000 KSecDD.sys
     0xF745F000 WudfPf.sys
     0xF73D2000 Ntfs.sys
     0xF73A5000 NDIS.sys
     0xF738B000 Mup.sys
     0xF6A9E000 \SystemRoot\system32\DRIVERS\intelppm.sys
     0xF7B22000 \SystemRoot\system32\DRIVERS\CmBatt.sys
     0xF6701000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
     0xF66ED000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
     0xF66C5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
     0xF7996000 \SystemRoot\system32\DRIVERS\usbuhci.sys
     0xF66A1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
     0xF799E000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0xF668E000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
     0xF6A8E000 \SystemRoot\system32\DRIVERS\nic1394.sys
     0xF6671000 \SystemRoot\system32\drivers\tifmsony.sys
     0xF634E000 \SystemRoot\system32\DRIVERS\w29n51.sys
     0xF79A6000 \SystemRoot\System32\Drivers\SonyNC.sys
     0xF6A7E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
     0xF79AE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
     0xF6334000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
     0xF79B6000 \SystemRoot\system32\DRIVERS\mouclass.sys
     0xF6A6E000 \SystemRoot\system32\DRIVERS\imapi.sys
     0xF7B2A000 \SystemRoot\system32\drivers\pfc.sys
     0xF6A5E000 \SystemRoot\system32\DRIVERS\cdrom.sys
     0xF6A4E000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
     0xF7D62000 \SystemRoot\system32\DRIVERS\audstub.sys
     0xF6A3E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
     0xF7B2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
     0xF62AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
     0xF777E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
     0xF778E000 \SystemRoot\system32\DRIVERS\raspptp.sys
     0xF79D6000 \SystemRoot\system32\DRIVERS\TDI.SYS
     0xF629A000 \SystemRoot\system32\DRIVERS\psched.sys
     0xF779E000 \SystemRoot\system32\DRIVERS\msgpc.sys
     0xF79DE000 \SystemRoot\system32\DRIVERS\ptilink.sys
     0xF79E6000 \SystemRoot\system32\DRIVERS\raspti.sys
     0xF77BE000 \SystemRoot\System32\Drivers\pcouffin.sys
     0xF77CE000 \SystemRoot\system32\DRIVERS\termdd.sys
     0xF7B7A000 \SystemRoot\system32\DRIVERS\swenum.sys
     0xF625F000 \SystemRoot\system32\DRIVERS\ks.sys
     0xF6201000 \SystemRoot\system32\DRIVERS\update.sys
     0xF7356000 \SystemRoot\system32\DRIVERS\mssmbios.sys
     0xF77DE000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0xAA3F5000 \SystemRoot\system32\drivers\RtkHDAud.sys
     0xAA3D1000 \SystemRoot\system32\drivers\portcls.sys
     0xF77FE000 \SystemRoot\system32\drivers\drmk.sys
     0xAA39F000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
     0xAA2AB000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
     0xAA1FA000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
     0xF79F6000 \SystemRoot\System32\Drivers\Modem.SYS
     0xF781E000 \SystemRoot\system32\DRIVERS\usbhub.sys
     0xF7B88000 \SystemRoot\system32\DRIVERS\USBD.SYS
     0xF7B8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
     0xF7C37000 \SystemRoot\System32\Drivers\Null.SYS
     0xF7B8C000 \SystemRoot\System32\Drivers\Beep.SYS
     0xF7A16000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0xF7A1E000 \SystemRoot\System32\drivers\vga.sys
     0xF7B8E000 \SystemRoot\System32\Drivers\mnmdd.SYS
     0xF7B90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
     0xF7A26000 \SystemRoot\System32\Drivers\Msfs.SYS
     0xF7A2E000 \SystemRoot\System32\Drivers\Npfs.SYS
     0xF7AEE000 \SystemRoot\system32\DRIVERS\rasacd.sys
     0xAA19F000 \SystemRoot\system32\DRIVERS\ipsec.sys
     0xAA146000 \SystemRoot\system32\DRIVERS\tcpip.sys
     0xAA11E000 \SystemRoot\system32\DRIVERS\netbt.sys
     0xAA0FC000 \SystemRoot\System32\drivers\afd.sys
     0xF782E000 \SystemRoot\system32\DRIVERS\netbios.sys
     0xF7A36000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
     0xAA0D1000 \SystemRoot\system32\DRIVERS\rdbss.sys
     0xAA061000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
     0xF784E000 \SystemRoot\System32\Drivers\Fips.SYS
     0xAA03B000 \SystemRoot\system32\DRIVERS\ipnat.sys
     0xF785E000 \SystemRoot\system32\DRIVERS\wanarp.sys
     0xF786E000 \SystemRoot\system32\DRIVERS\arp1394.sys
     0xF7C45000 \SystemRoot\system32\DRIVERS\DMICall.sys
     0xA9F50000 \SystemRoot\system32\DRIVERS\avipbb.sys
     0xF7B9C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
     0xF7AFA000 \SystemRoot\System32\Drivers\ASPI32.SYS
     0xF76FE000 \SystemRoot\System32\Drivers\Cdfs.SYS
     0xA9F13000 \SystemRoot\System32\Drivers\usbvm321.sys
     0xF770E000 \SystemRoot\System32\Drivers\STREAM.SYS
     0xF7A46000 \SystemRoot\System32\Drivers\USBCAMD2.SYS
     0xF78E6000 \SystemRoot\system32\DRIVERS\SonyImgF.sys
     0xF78F6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
     0xAA1F6000 \SystemRoot\system32\DRIVERS\hidusb.sys
     0xF772E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
     0xAA1F2000 \SystemRoot\system32\DRIVERS\mouhid.sys
     0xAA1EA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
     0xA9EFB000 \SystemRoot\System32\Drivers\dump_atapi.sys
     0xF7BC8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
     0xBF800000 \SystemRoot\System32\win32k.sys
     0xAA037000 \SystemRoot\System32\drivers\Dxapi.sys
     0xF790E000 \SystemRoot\System32\watchdog.sys
     0xBF000000 \SystemRoot\System32\drivers\dxg.sys
     0xF7D91000 \SystemRoot\System32\drivers\dxgthk.sys
     0xBF020000 \SystemRoot\System32\ialmdnt5.dll
     0xBF012000 \SystemRoot\System32\ialmrnt5.dll
     0xBF041000 \SystemRoot\System32\ialmdev5.DLL
     0xBF075000 \SystemRoot\System32\ialmdd5.DLL
     0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
     0xA9DA6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
     0xA9E03000 \SystemRoot\system32\DRIVERS\AegisP.sys
     0xA9DFF000 \SystemRoot\system32\DRIVERS\s24trans.sys
     0xA9D8A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
     0xA9981000 \SystemRoot\system32\drivers\wdmaud.sys
     0xA9E93000 \SystemRoot\system32\drivers\sysaudio.sys
     0xA9814000 \SystemRoot\system32\DRIVERS\mrxdav.sys
     0xA934B000 \SystemRoot\System32\Drivers\HTTP.sys
     0xA939C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
     0xA91DB000 \SystemRoot\system32\DRIVERS\srv.sys
     0xF7BAA000 \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
     0xA8641000 \SystemRoot\system32\drivers\kmixer.sys
     0x7C900000 \WINDOWS\system32\ntdll.dll

     Processes (total 72):
     0 System Idle Process
     4 System
     608 C:\WINDOWS\system32\smss.exe
     680 csrss.exe
     704 C:\WINDOWS\system32\winlogon.exe
     752 C:\WINDOWS\system32\services.exe
     764 C:\WINDOWS\system32\lsass.exe
     924 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
     936 C:\WINDOWS\system32\svchost.exe
     1000 svchost.exe
     1092 C:\WINDOWS\system32\svchost.exe
     1124 C:\WINDOWS\system32\svchost.exe
     1268 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     1424 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     1448 C:\WINDOWS\explorer.exe
     1504 svchost.exe
     1612 svchost.exe
     1888 C:\WINDOWS\system32\BRSVC01A.EXE
     1908 C:\WINDOWS\system32\BRSS01A.EXE
     1916 C:\WINDOWS\system32\spoolsv.exe
     1960 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     196 svchost.exe
     640 C:\Program Files\Apoint\Apoint.exe
     656 C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
     668 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
     684 C:\Program Files\Java\jre6\bin\jusched.exe
     728 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
     944 C:\WINDOWS\RTHDCPL.EXE
     980 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
     1040 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
     1064 C:\WINDOWS\system32\igfxpers.exe
     1076 C:\WINDOWS\system32\hkcmd.exe
     1260 C:\Program
Files\iTunes\iTunesHelper.exe 1256 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 1288 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1344 C:\Program Files\Google\Gmail Notifier\gnotify.exe 1384 C:\Program Files\Windows Media Player\wmpnscfg.exe 1536 C:\WINDOWS\system32\ctfmon.exe 2036 C:\Program Files\Apoint\ApntEx.exe 500 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 512 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1228 C:\Program Files\Bonjour\mDNSResponder.exe 156 C:\WINDOWS\system32\svchost.exe 1668 C:\Program Files\Java\jre6\bin\jqs.exe 1764 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1768 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 2080 C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe 2476 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2584 C:\WINDOWS\system32\svchost.exe 2640 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe 2712 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe 2884 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe 2992 wmpnetwk.exe 3112 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe 3408 igfxext.exe 3432 igfxsrvc.exe 1560 C:\Program Files\iPod\bin\iPodService.exe 2344 alg.exe 540 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 2472 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3380 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3580 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 2352 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3876 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Google Talk 
Plugin\googletalkplugin.exe 3084 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 3160 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 2688 C:\Documents and Settings\stephen\Local Settings\temp\wze161\remover.exe 1380 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 232 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 2336 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe 3768 C:\Documents and Settings\stephen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe 464 C:\Documents and Settings\stephen\Desktop\Virus Cleaning\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`805e2000 (NTFS) PhysicalDrive0 Model Number: FUJITSUMHV2100BHPL, Rev: 00000029 Size Device Name MBR Status -------------------------------------------- 93 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A Done!
  7. Bootkit Remover
     © 2009 eSage Lab
     www.esagelab.com

     Program version: 1.2.0.0
     OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

     System volume is \\.\C:
     \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`805e2000
     Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

          Size  Device Name          MBR Status
     --------------------------------------------
         93 GB  \\.\PhysicalDrive0   OK (DOS/Win32 Boot code found)

     Done;
     Press any key to quit...
  8. This is the log for the program that was created. I hope that it is what you're looking for:

     Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
     Windows 5.1.2600 Disk: FUJITSU_MHV2100BH_PL rev.00000029 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
     device: opened successfully
     user: MBR read successfully
     kernel: MBR read successfully
     user & kernel MBR OK
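Added example, not part of the posts above and not the code of MBRCheck, Bootkit Remover or the Gmer detector. Posts 6 to 8 each read sector 0 of PhysicalDrive0 and report a hash of the boot code next to the partition table; the Python below performs the same kind of check on a 512-byte sector: validate the 0x55AA signature, parse the four partition slots, hash the loader code and compare it against an allow-list of known-good hashes. Which exact byte range each tool hashes is not stated in the logs, so this example hashes bytes 0..439 (everything before the disk signature) as an assumption, and its hashes will not match the SHA1/MD5 values printed above. The sample MBR is constructed here (synthetic loader bytes, one NTFS partition placed at the byte offset the logs show for C:); `simulate_bootkit` only rewrites the loader bytes, which is why the partition table looks identical before and after.

```python
"""Parse and fingerprint a 512-byte MBR the way MBR integrity checkers do.
Added example for this thread; not code from MBRCheck, Bootkit Remover or Gmer."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # assumption: bytes 0..439 are loader code, 440..443 the disk signature
PART_TABLE_OFF = 446
BOOT_SIGNATURE = b"\x55\xAA"


@dataclass(frozen=True)
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(sector: bytes) -> list:
    """Return the non-empty entries of the four-slot DOS partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, type_id = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if type_id == 0:
            continue                                # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"slot {i}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i, status == 0x80, type_id, lba_start, count))
    return parts


def fingerprint(sector: bytes) -> dict:
    """SHA1 of the loader-code region (upper-case hex, as MBRCheck prints it),
    MD5 of the whole sector, and the 32-bit disk signature."""
    return {
        "sha1_code": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "md5_sector": hashlib.md5(sector).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
    }


def check_mbr(sector: bytes, known_good_sha1: set) -> dict:
    """OK when the loader-code hash is on the allow-list, MODIFIED otherwise.
    A bootkit that replaces the loader leaves the partition table intact, so a
    sane-looking partition table alone says nothing about the loader code."""
    fp = fingerprint(sector)
    parts = parse_partition_table(sector)
    status = "OK" if fp["sha1_code"] in known_good_sha1 else "MODIFIED"
    return {"status": status, "sha1": fp["sha1_code"], "partitions": parts,
            "bootable": [p for p in parts if p.bootable]}


def build_sample_mbr(code: bytes = None) -> bytes:
    """Constructed sample sector (not a real disk image): synthetic loader bytes,
    a made-up disk signature and one bootable NTFS partition whose LBA start is the
    byte offset 0x00000001`805e2000 from the MBRCheck output divided by 512."""
    code = code if code is not None else bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
    sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    c_drive_lba = 0x1805E2000 // SECTOR_SIZE
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", c_drive_lba, 195_000_000)
    table = entry + b"\x00" * 48                    # three empty slots
    sector = code + sig + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def simulate_bootkit(sector: bytes) -> bytes:
    """Overwrite only the loader code; the partition table is untouched."""
    patched = bytearray(sector)
    patched[:BOOT_CODE_LEN] = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ ; nop...
    return bytes(patched)


if __name__ == "__main__":
    clean = build_sample_mbr()
    allow = {fingerprint(clean)["sha1_code"]}       # in practice: hashes of known OS loaders
    for label, s in (("clean", clean), ("patched", simulate_bootkit(clean))):
        r = check_mbr(s, allow)
        print(label, r["status"], r["sha1"],
              [(p.index, hex(p.type_id), p.lba_start) for p in r["partitions"]])
```

On a live system the sector would come from opening `\\.\PhysicalDrive0` and reading 512 bytes, and the allow-list from hashes of the stock loader for the installed Windows version; the value of keeping the two steps separate is that a read through the kernel and a read that bypasses the file-system stack (what the Gmer detector calls "user" and "kernel" reads) can both be fed to the same `check_mbr` and compared.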
  9. TDSSKiller report:

     2010/11/24 16:53:30.0906 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
     2010/11/24 16:53:30.0906 ================================================================================
     2010/11/24 16:53:30.0906 SystemInfo:
     2010/11/24 16:53:30.0906
     2010/11/24 16:53:30.0906 OS Version: 5.1.2600 ServicePack: 3.0
     2010/11/24 16:53:30.0906 Product type: Workstation
     2010/11/24 16:53:30.0906 ComputerName: MAMA
     2010/11/24 16:53:30.0906 UserName: stephen
     2010/11/24 16:53:30.0906 Windows directory: C:\WINDOWS
     2010/11/24 16:53:30.0906 System windows directory: C:\WINDOWS
     2010/11/24 16:53:30.0906 Processor architecture: Intel x86
     2010/11/24 16:53:30.0906 Number of processors: 1
     2010/11/24 16:53:30.0906 Page size: 0x1000
     2010/11/24 16:53:30.0906 Boot type: Normal boot
     2010/11/24 16:53:30.0906 ================================================================================
     2010/11/24 16:53:31.0171 Initialize success
     2010/11/24 16:54:00.0078 ================================================================================
     2010/11/24 16:54:00.0078 Scan started
     2010/11/24 16:54:00.0078 Mode: Manual;
     2010/11/24 16:54:00.0078 ================================================================================
     2010/11/24 16:54:01.0406 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2010/11/24 16:54:01.0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
     2010/11/24 16:54:01.0593 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2010/11/24 16:54:01.0703 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
     2010/11/24 16:54:01.0843 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2010/11/24 16:54:02.0078 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
     2010/11/24 16:54:02.0203 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
     2010/11/24 16:54:02.0343 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys
     2010/11/24 16:54:02.0453 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2010/11/24 16:54:02.0546 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2010/11/24 16:54:02.0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2010/11/24 16:54:02.0734 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2010/11/24 16:54:02.0859 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
     2010/11/24 16:54:02.0937 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
     2010/11/24 16:54:03.0046 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
     2010/11/24 16:54:03.0187 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2010/11/24 16:54:03.0343 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
     2010/11/24 16:54:03.0468 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
     2010/11/24 16:54:03.0562 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
     2010/11/24 16:54:03.0640 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
     2010/11/24 16:54:03.0781 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2010/11/24 16:54:03.0906 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2010/11/24 16:54:04.0093 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2010/11/24 16:54:04.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2010/11/24 16:54:04.0265 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2010/11/24 16:54:04.0437 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
     2010/11/24 16:54:04.0593 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
     2010/11/24 16:54:04.0812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2010/11/24 16:54:04.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2010/11/24 16:54:05.0015 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
     2010/11/24 16:54:05.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2010/11/24 16:54:05.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2010/11/24 16:54:05.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2010/11/24 16:54:05.0437 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
     2010/11/24 16:54:05.0546 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
     2010/11/24 16:54:05.0625 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
     2010/11/24 16:54:05.0859 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2010/11/24 16:54:05.0937 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
     2010/11/24 16:54:06.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2010/11/24 16:54:06.0140 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
     2010/11/24 16:54:06.0265 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2010/11/24 16:54:06.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
     2010/11/24 16:54:06.0453 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
     2010/11/24 16:54:06.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2010/11/24 16:54:06.0625 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2010/11/24 16:54:06.0687 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
     2010/11/24 16:54:06.0796 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2010/11/24 16:54:06.0875 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2010/11/24 16:54:06.0984 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2010/11/24 16:54:07.0125 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
     2010/11/24 16:54:07.0187 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
     2010/11/24 16:54:07.0296 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
     2010/11/24 16:54:07.0390 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
     2010/11/24 16:54:07.0531 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
     2010/11/24 16:54:07.0718 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2010/11/24 16:54:07.0937 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2010/11/24 16:54:08.0093 ialm (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
     2010/11/24 16:54:08.0265 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2010/11/24 16:54:08.0578 IntcAzAudAddService (8443479648f804445e9dafef0f219231) C:\WINDOWS\system32\drivers\RtkHDAud.sys
     2010/11/24 16:54:08.0906 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
     2010/11/24 16:54:09.0015 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2010/11/24 16:54:09.0109 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
     2010/11/24 16:54:09.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2010/11/24 16:54:09.0343 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2010/11/24 16:54:09.0421 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2010/11/24 16:54:09.0531 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2010/11/24 16:54:09.0578 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2010/11/24 16:54:09.0656 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2010/11/24 16:54:09.0765 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2010/11/24 16:54:09.0859 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     2010/11/24 16:54:09.0937 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2010/11/24 16:54:10.0093 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2010/11/24 16:54:10.0296 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
     2010/11/24 16:54:10.0421 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
     2010/11/24 16:54:10.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2010/11/24 16:54:10.0593 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2010/11/24 16:54:10.0640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2010/11/24 16:54:10.0734 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2010/11/24 16:54:10.0781 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2010/11/24 16:54:10.0890 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2010/11/24 16:54:10.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2010/11/24 16:54:11.0140 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2010/11/24 16:54:11.0265 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2010/11/24 16:54:11.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2010/11/24 16:54:11.0390 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2010/11/24 16:54:11.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2010/11/24 16:54:11.0593 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
     2010/11/24 16:54:11.0703 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2010/11/24 16:54:11.0765 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2010/11/24 16:54:11.0890 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2010/11/24 16:54:11.0968 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2010/11/24 16:54:12.0031 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2010/11/24 16:54:12.0125 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2010/11/24 16:54:12.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2010/11/24 16:54:12.0406 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
     2010/11/24 16:54:12.0500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2010/11/24 16:54:12.0562 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2010/11/24 16:54:12.0687 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
     2010/11/24 16:54:12.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2010/11/24 16:54:12.0890 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2010/11/24 16:54:13.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2010/11/24 16:54:13.0140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2010/11/24 16:54:13.0187 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2010/11/24 16:54:13.0296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
     2010/11/24 16:54:13.0453 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
     2010/11/24 16:54:13.0515 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2010/11/24 16:54:13.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2010/11/24 16:54:13.0687 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2010/11/24 16:54:13.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2010/11/24 16:54:13.0859 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
     2010/11/24 16:54:14.0000 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
     2010/11/24 16:54:14.0250 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
     2010/11/24 16:54:14.0375 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2010/11/24 16:54:14.0453 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2010/11/24 16:54:14.0515 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2010/11/24 16:54:14.0578 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
     2010/11/24 16:54:14.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2010/11/24 16:54:15.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2010/11/24 16:54:15.0109 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2010/11/24 16:54:15.0187 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2010/11/24 16:54:15.0312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2010/11/24 16:54:15.0375 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2010/11/24 16:54:15.0500 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2010/11/24 16:54:15.0687 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2010/11/24 16:54:15.0843 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
     2010/11/24 16:54:15.0953 s24trans (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
     2010/11/24 16:54:16.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2010/11/24 16:54:16.0140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
     2010/11/24 16:54:16.0250 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
     2010/11/24 16:54:16.0343 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2010/11/24 16:54:16.0406 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
     2010/11/24 16:54:16.0437 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
     2010/11/24 16:54:16.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2010/11/24 16:54:16.0593 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2010/11/24 16:54:16.0671 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
     2010/11/24 16:54:16.0765 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
     2010/11/24 16:54:16.0859 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2010/11/24 16:54:16.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2010/11/24 16:54:16.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2010/11/24 16:54:17.0046 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2010/11/24 16:54:17.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2010/11/24 16:54:17.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2010/11/24 16:54:17.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2010/11/24 16:54:17.0421 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2010/11/24 16:54:17.0562 tifmsony (72aaa3343af62e02ae37001eea5c9a0e) C:\WINDOWS\system32\drivers\tifmsony.sys
     2010/11/24 16:54:17.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2010/11/24 16:54:17.0984 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2010/11/24 16:54:18.0078 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2010/11/24 16:54:18.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2010/11/24 16:54:18.0234 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2010/11/24 16:54:18.0359 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
     2010/11/24 16:54:18.0390 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     2010/11/24 16:54:18.0437 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2010/11/24 16:54:18.0500 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2010/11/24 16:54:18.0562 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     2010/11/24 16:54:18.0640 usbvm321 (f9d550545afec1d581d2539f3488c4cd) C:\WINDOWS\system32\Drivers\usbvm321.sys
     2010/11/24 16:54:18.0765 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
     2010/11/24 16:54:18.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2010/11/24 16:54:19.0046 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     2010/11/24 16:54:19.0328 w29n51 (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
     2010/11/24 16:54:19.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2010/11/24 16:54:19.0843 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2010/11/24 16:54:19.0968 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
     2010/11/24 16:54:20.0218 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
     2010/11/24 16:54:20.0312 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
     2010/11/24 16:54:20.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
     2010/11/24 16:54:20.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
     2010/11/24 16:54:20.0781 ================================================================================
     2010/11/24 16:54:20.0781 Scan finished
     2010/11/24 16:54:20.0781 ================================================================================
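Added example, not part of the post above and not TDSSKiller's own code. The report in post 9 is one line per driver service: timestamp, service name, MD5 of the image, load path. That structure is enough for an offline triage pass, which the Python below performs: parse the lines, flag any driver that loads from a user-writable location (a temp directory or a user profile) or from outside `system32\drivers`, and compare each image's MD5 against a baseline of known-good hashes. The sample log is constructed for this example: four lines are copied verbatim from the report above, and the `examplefilt` and `tmpsvc` lines are invented to exercise the two detections (neither driver appears on this machine). The baseline dictionary is likewise an assumption; a real one would come from a clean reference install of the same Windows build, not from the log being checked.

```python
"""Parse a TDSSKiller driver listing and triage it offline.
Added example for this thread; not TDSSKiller's own code."""
import re
from dataclasses import dataclass

# One driver line: "<date> <time> <service> (<md5>) <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)

SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
PROGRAM_FILES = "c:\\program files\\"
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\local settings\\")

# Constructed sample: first four driver lines copied from the report above,
# the examplefilt and tmpsvc lines invented to trigger the detections.
SAMPLE_LOG = r"""
2010/11/24 16:54:00.0078 Scan started
2010/11/24 16:54:00.0078 Mode: Manual;
2010/11/24 16:54:01.0406 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/24 16:54:02.0859 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/11/24 16:54:17.0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/24 16:54:19.0000 examplefilt (1111111111111111111111111111111a) C:\WINDOWS\system32\drivers\examplefilt.sys
2010/11/24 16:54:19.0100 tmpsvc (0000000000000000000000000000000a) C:\Documents and Settings\stephen\Local Settings\Temp\tmpsvc.sys
2010/11/24 16:54:20.0781 Scan finished
"""

# Assumed baseline {basename: md5}; tcpip.sys reuses the value from the report only
# for the demo, examplefilt.sys is constructed to differ from the sample line.
BASELINE_MD5 = {
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
    "examplefilt.sys": "2222222222222222222222222222222b",
}


@dataclass(frozen=True)
class Driver:
    ts: str
    service: str
    md5: str
    path: str


@dataclass(frozen=True)
class Finding:
    severity: str      # "high" or "info"
    service: str
    reason: str
    path: str


def parse_tdsskiller(text: str):
    """Split the report into driver records and the remaining status lines."""
    drivers, other = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            drivers.append(Driver(m["ts"], m["service"], m["md5"].lower(), m["path"]))
        else:
            other.append(line)
    return drivers, other


def triage(drivers, baseline_md5: dict) -> list:
    """Location checks first (user-writable beats 'outside system32'), then hash checks."""
    findings = []
    for d in drivers:
        p = d.path.lower()
        name = p.rsplit("\\", 1)[-1]
        if any(marker in p for marker in USER_WRITABLE):
            findings.append(Finding("high", d.service, "driver loads from a user-writable location", d.path))
        elif not p.startswith(SYSTEM_DRIVER_DIR):
            sev = "info" if p.startswith(PROGRAM_FILES) else "high"
            findings.append(Finding(sev, d.service, "driver outside system32\\drivers", d.path))
        expected = baseline_md5.get(name)
        if expected and expected != d.md5:
            findings.append(Finding("high", d.service, f"md5 {d.md5} differs from baseline {expected}", d.path))
    return findings


if __name__ == "__main__":
    drivers, other = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(drivers)} driver lines, {len(other)} status lines")
    for f in triage(drivers, BASELINE_MD5):
        print(f"[{f.severity.upper()}] {f.service}: {f.reason} ({f.path})")
```

The location check is deliberately ordered: a path under a temp directory is reported once as high, not a second time as "outside system32". Third-party drivers under Program Files (the Avira and SpyHunter drivers in this report) are informational only, since that is where vendor filter drivers legitimately live; the hash comparison is what separates a patched system driver from a stock one, and it is only as trustworthy as the baseline it is fed.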
  10. I'm still getting random popups in my browsers & certain items in webpages won't load.
  11. Rootkit Unhooker Report:

     RkU Version: 3.8.388.590, Type LE (SR2)
     ==============================================
     OS Name: Windows XP
     Version 5.1.2600 (Service Pack 3)
     Number of processors #1
     ==============================================
     >Drivers
     ==============================================
     0xAA3F5000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 3977216 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
     0xF6E6D000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3289088 bytes (Intel
  12. Can't download rootkit AV Scan results: Avira AntiVir Personal Report file date: Monday, November 22, 2010 22:37 Scanning for 3077234 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : MAMA Version information: BUILD.DAT : 10.0.0.596 31825 Bytes 11/16/2010 15:57:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 8/2/2010 21:09:56 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04 LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:00 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:10:03 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:10:04 VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 21:10:06 VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 02:22:23 VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 02:22:29 VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 02:22:29 VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 02:22:29 VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 02:22:29 VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 02:22:30 VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 02:22:30 VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 02:22:31 VBASE016.VDF : 7.10.13.211 122368 Bytes 11/11/2010 02:22:31 VBASE017.VDF : 7.10.13.243 147456 Bytes 11/15/2010 02:22:31 VBASE018.VDF : 7.10.14.15 142848 Bytes 11/17/2010 02:22:32 VBASE019.VDF : 7.10.14.41 134144 Bytes 11/19/2010 01:06:00 VBASE020.VDF : 7.10.14.42 2048 Bytes 11/19/2010 01:06:00 
VBASE021.VDF : 7.10.14.43 2048 Bytes 11/19/2010 01:06:00 VBASE022.VDF : 7.10.14.44 2048 Bytes 11/19/2010 01:06:01 VBASE023.VDF : 7.10.14.45 2048 Bytes 11/19/2010 01:06:01 VBASE024.VDF : 7.10.14.46 2048 Bytes 11/19/2010 01:06:01 VBASE025.VDF : 7.10.14.47 2048 Bytes 11/19/2010 01:06:02 VBASE026.VDF : 7.10.14.48 2048 Bytes 11/19/2010 01:06:03 VBASE027.VDF : 7.10.14.49 2048 Bytes 11/19/2010 01:06:03 VBASE028.VDF : 7.10.14.50 2048 Bytes 11/19/2010 01:06:03 VBASE029.VDF : 7.10.14.51 2048 Bytes 11/19/2010 01:06:03 VBASE030.VDF : 7.10.14.52 2048 Bytes 11/19/2010 01:06:04 VBASE031.VDF : 7.10.14.60 108544 Bytes 11/22/2010 14:36:48 Engineversion : 8.2.4.112 AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54 AESCRIPT.DLL : 8.1.3.47 1294716 Bytes 11/22/2010 14:38:49 AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 14:38:29 AESBX.DLL : 8.1.3.2 254324 Bytes 11/22/2010 14:38:53 AERDL.DLL : 8.1.9.2 635252 Bytes 11/19/2010 02:22:45 AEPACK.DLL : 8.2.3.11 471416 Bytes 11/19/2010 02:22:43 AEOFFICE.DLL : 8.1.1.10 201084 Bytes 11/22/2010 14:38:27 AEHEUR.DLL : 8.1.2.44 3076471 Bytes 11/22/2010 14:38:20 AEHELP.DLL : 8.1.14.0 246134 Bytes 11/19/2010 02:22:38 AEGEN.DLL : 8.1.4.2 401781 Bytes 11/22/2010 14:37:13 AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 14:37:01 AECORE.DLL : 8.1.18.1 196984 Bytes 11/22/2010 14:36:54 AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48 AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56 AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55 AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13 AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:56 AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 21:09:54 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56 NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08 
Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Monday, November 22, 2010 22:37 Starting search for hidden objects. HKEY_USERS\S-1-5-21-763951124-3310558196-3032050449-1006\Software\Microsoft\Protected Storage System Provider\S-1-5-21-763951124-3310558196-3032050449-1006\data [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\EMMSDE\MSSQLServer\uptime_time_utc [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. c:\windows\system32\rundll32.exe c:\WINDOWS\system32\rundll32.exe [NOTE] The process is not visible. 
The scan of running processes will be started
Scan process 'rsmsink.exe' - '29' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '67' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avscan.exe' - '60' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'gnotify.exe' - '72' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'WMPNSCFG.exe' - '28' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'SpyHunter4.exe' - '99' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '54' Module(s) have been scanned
Scan process 'Apntex.exe' - '16' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '32' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '25' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '51' Module(s) have been scanned
Scan process 'SPMgr.exe' - '40' Module(s) have been scanned
Scan process 'jusched.exe' - '21' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '63' Module(s) have been scanned
Scan process 'VCUServe.exe' - '34' Module(s) have been scanned
Scan process 'Apoint.exe' - '38' Module(s) have been scanned
Scan process 'VzFw.exe' - '34' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '53' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '22' Module(s) have been scanned
Scan process 'igfxext.exe' - '20' Module(s) have been scanned
Scan process 'WMPNetwk.exe' - '53' Module(s) have been scanned
Scan process 'VCSW.exe' - '35' Module(s) have been scanned
Scan process 'VESMgr.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '21' Module(s) have been scanned
Scan process 'sqlservr.exe' - '53' Module(s) have been scanned
Scan process 'MDM.EXE' - '21' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '32' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'spoolsv.exe' - '92' Module(s) have been scanned
Scan process 'brss01a.exe' - '18' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'Explorer.EXE' - '137' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '29' Module(s) have been scanned
Scan process 'EvtEng.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '171' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'SH4SER~1.EXE' - '14' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '39' Module(s) have been scanned
Scan process 'winlogon.exe' - '68' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1797' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\Enigma Software Group\SpyHunter\Backup\a0045827.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware
--> System Volume Information/_restore{64A8D0A0-6094-4429-A400-B81F08F758ED}/RP293/A0045827.dll
[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\coresrv.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/CoreSrv.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostie.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/HostIE.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostoe.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/HostOE.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostol.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/Zangomail.A adware or spyware
--> Program Files/Zango/bin/10.0.370.0/HostOL.dll
[DETECTION] Contains recognition pattern of the ADSPY/Zangomail.A adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\instie.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.AY.5 adware or spyware
--> Program Files/Zango/bin/10.0.370.0/InstIE.dll
[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.AY.5 adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\npclntax_zangosa.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/firefox/extensions/plugins/npclntax_ZangoSA.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Mozilla Firefox/plugins/npclntax_ZangoSA.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\oeaddon.exe.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/OEAddOn.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\shoppingreport.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware
--> Program Files/ShoppingReport/Bin/2.0.26/ShoppingReport.dll
[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\srv.exe.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/Srv.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\toolbar.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/Zango.E adware or spyware
--> Program Files/Zango/bin/10.0.370.0/Toolbar.dll
[DETECTION] Contains recognition pattern of the ADSPY/Zango.E adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\wallpaper.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/Wallpaper.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosa.exe.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/Zango.C adware or spyware
--> Program Files/Zango/bin/10.0.370.0/ZangoSA.exe
[DETECTION] Contains recognition pattern of the ADSPY/Zango.C adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosaax.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/ZangoSAAX.dll
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosadf.exe.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
--> Program Files/Zango/bin/10.0.370.0/ZangoSADF.exe
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosahook.dll.dat
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the ADSPY/Zango.G adware or spyware
--> Program Files/Zango/bin/10.0.370.0/ZangoSAHook.dll
[DETECTION] Contains recognition pattern of the ADSPY/Zango.G adware or spyware

Beginning disinfection:
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosahook.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/Zango.G adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '46356af7.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosadf.exe.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '5ea24550.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosaax.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '0cfd1fb8.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\zangosa.exe.dat
[DETECTION] Contains recognition pattern of the ADSPY/Zango.C adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '6aca507a.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\wallpaper.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '2f407d44.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\toolbar.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/Zango.E adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '50564f2b.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\srv.exe.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '1cd5637e.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\shoppingreport.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '60f62338.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\oeaddon.exe.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '4dba0c76.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\npclntax_zangosa.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '54d037e7.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\instie.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.AY.5 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '389c1bd6.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostol.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/Zangomail.A adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '49252242.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostoe.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '473f1285.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\hostie.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '02166bc7.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\coresrv.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '0b1e6f6c.qua'.
C:\Program Files\Enigma Software Group\SpyHunter\Backup\a0045827.dll.dat
[DETECTION] Contains recognition pattern of the ADSPY/MartSho.dll.3 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '5319765a.qua'.

End of the scan: Tuesday, November 23, 2010 09:21
Used time: 2:08:46 Hour(s)

The scan has been done completely.
9358 Scanned directories
404509 Files were scanned
17 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
16 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
404492 Files not concerned
9431 Archives were scanned
0 Warnings
16 Notes
444292 Objects were scanned with rootkit scan
4 Hidden objects were found
13. ComboFix 10-11-19.01 - stephen 11/19/2010 20:03:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.640 [GMT -5:00]
Running from: c:\documents and settings\stephen\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\stephen\Recent\Thumbs.db
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\windows\jestertb.dll
c:\windows\system32\gotomon.log
c:\windows\system32\Thumbs.db
c:\windows\system32\twain.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))
.
2010-11-20 00:56 . 2010-11-20 00:56 -------- d-sh--w- c:\documents and settings\stephen\IECompatCache
2010-11-19 18:12 . 2010-11-19 18:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-19 16:38 . 2010-11-19 16:38 -------- d-----w- c:\windows\LastGood.Tmp
2010-11-19 16:35 . 2010-11-19 16:35 -------- d-sh--w- c:\documents and settings\stephen\IETldCache
2010-11-19 16:28 . 2010-11-19 16:30 -------- dc-h--w- c:\windows\ie8
2010-11-19 16:26 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-19 16:26 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-19 16:26 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-19 16:26 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-19 16:26 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-19 16:26 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-19 16:26 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-11-19 16:26 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-11-19 13:42 . 2010-11-19 13:42 -------- d-----w- c:\windows\system32\XPSViewer
2010-11-19 13:42 . 2010-11-19 13:42 -------- d-----w- c:\program files\MSBuild
2010-11-19 13:42 . 2010-11-19 13:42 -------- d-----w- c:\program files\Reference Assemblies
2010-11-19 13:41 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-11-19 13:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-11-19 13:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-11-19 13:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-11-19 13:41 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-11-19 13:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-11-19 13:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-11-19 13:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-11-19 13:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-11-19 13:41 . 2010-11-19 13:41 -------- d-----w- C:\d8460462b997e73eef
2010-11-19 03:25 . 2010-11-19 03:25 -------- d-----w- c:\documents and settings\stephen\Application Data\Avira
2010-11-19 01:01 . 2010-11-19 01:02 -------- d-----w- c:\documents and settings\stephen\Local Settings\Application Data\Temp
2010-11-11 19:05 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-11 19:05 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-11 19:05 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-11 19:05 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-11 19:04 . 2010-11-11 19:04 -------- d-----w- c:\program files\Avira
2010-11-11 19:04 . 2010-11-11 19:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-11 18:38 . 2010-11-11 18:38 110080 ----a-r- c:\documents and settings\stephen\Application Data\Microsoft\Installer\{4E97AE47-1293-4669-BBF3-4BDE52501A1A}\IconF7A21AF7.exe
2010-11-11 18:38 . 2010-11-11 18:38 110080 ----a-r- c:\documents and settings\stephen\Application Data\Microsoft\Installer\{4E97AE47-1293-4669-BBF3-4BDE52501A1A}\IconD7F16134.exe
2010-11-11 18:38 . 2010-11-11 18:38 -------- d-----w- C:\sh4ldr
2010-11-11 18:37 . 2010-11-11 18:38 -------- d-----w- c:\windows\4E97AE4712934669BBF34BDE52501A1A.TMP
2010-11-11 18:37 . 2010-11-11 18:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-11 17:13 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2010-11-11 17:13 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-11 17:13 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-11 17:12 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-11 17:11 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-11-11 17:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-11 17:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-11-11 17:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-11-11 17:08 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-11-11 17:04 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-11-11 16:56 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-11 16:47 . 2010-11-11 16:47 -------- d-----w- c:\documents and settings\stephen\Application Data\Malwarebytes
2010-11-11 16:47 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-11 16:47 . 2010-11-11 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-11 16:47 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-11 16:47 . 2010-11-11 16:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2006-03-02 19:48 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-03-02 19:48 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-03-02 19:48 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-03-02 19:48 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-01 11:51 . 2006-03-02 19:48 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-03-02 19:48 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-03-02 19:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12 . 2006-03-02 19:48 617472 ----a-w- c:\windows\system32\comctl32.dll
2004-08-10 04:30 . 2008-03-09 02:45 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Google Update"="c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-11-19 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 184320]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-06-29 32768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-10-28 573440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-11-05 4098904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/11/2010 2:05 PM 135336]
R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe -sEMMSDE [?]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [11/5/2010 5:53 PM 327000]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [1/27/2010 5:10 PM 5248]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/2/2006 2:49 PM 29184]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [8/15/2006 4:42 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [8/15/2006 4:53 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [8/15/2006 4:42 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [8/15/2006 4:42 PM 10368]
S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [12/26/2006 5:42 PM 24576]
S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE --> c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlagent.EXE -i EMMSDE [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-763951124-3310558196-3032050449-1006Core.job
- c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 01:00]

2010-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-763951124-3310558196-3032050449-1006UA.job
- c:\documents and settings\stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-19 01:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.Google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: state.va.us\www.deq
Trusted Zone: verizon.com
DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - hxxps://wip-data.webdialogs.com/components/WDATL70.CAB
DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB
DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
AddRemove-AOL Search Enhancement - c:\program files\AOL\AOL Search Enhancement\uninst.exe
AddRemove-{EE5B8E34-973C-4FBE-AC83-99F064009FC7} - c:\program files\Enigma Software Group\SpyHunter\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-19 20:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Apoint\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-19 20:22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-20 01:22

Pre-Run: 7,940,710,400 bytes free
Post-Run: 8,579,362,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 82F27A3D51BB0E6C3936A9669CD40555
14. mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5150

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18241

11/19/2010 9:23:56 AM
mbam-log-2010-11-19 (09-23-56).txt

Scan type: Quick scan
Objects scanned: 178852
Time elapsed: 36 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS Log

DDS (Ver_10-11-10.01) - NTFSx86
Run by stephen at 9:24:33.46 on Fri 11/19/2010
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.361 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$EMMSDE\Binn\sqlservr.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\BRMFRSMG.EXE C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\stephen\Desktop\dds.pif ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.Google.com/ uSearchMigratedDefaultURL = hxxp://www.Google.com/ mDefault_Page_URL = 
hxxp://www.sony.com/vaiopeople mSearch Page = uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll {7e853d72-626a-48ec-a868-ba8d5e23e045} BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Internet Service: {c46f137f-2c2a-4714-aa14-323137f882ae} - TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe" mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary mRun: [VAIO Recovery] 
c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [sonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe" mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe mRun: [Alcmtr] ALCMTR.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [pdfFactory Dispatcher v3] "c:\windows\system32\spool\drivers\w32x86\3\fppdis3a.exe" /source=HKLM mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [spyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL Trusted Zone: state.va.us\www.deq Trusted Zone: verizon.com DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab DPF: {02A08EC5-C341-4BE5-AD4F-62215D2407EF} - 
hxxps://wip-data.webdialogs.com/components/WDATL70.CAB DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.taylorbeanonline.com/scriptx/smsx.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab DPF: {58D5690D-55A6-4B0B-B735-D0C82E14700C} - hxxps://wip-data.webdialogs.com/components/WDATL72.CAB DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163214234545 DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxp://remote.ewmortgage.com/tsweb/msrdp.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://alamodetraining.webex.com/client/v_mywebex-t20/training/ieatgpc.cab
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-11 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-11 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-11 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-11 60936]
R2 MSSQL$EMMSDE;MSSQL$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -semmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlservr.exe -sEMMSDE [?]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-11-5 327000]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-3 24652]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-15 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-15 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-8-15 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-8-15 10368]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-2 29184]
S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-26 24576]
S3 SQLAgent$EMMSDE;SQLAgent$EMMSDE;c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.exe -i emmsde --> c:\program files\microsoft sql server\mssql$emmsde\binn\sqlagent.EXE -i EMMSDE [?]
=============== Created Last 30 ================ 2010-11-19 13:42:31 -------- d-----w- c:\windows\system32\XPSViewer 2010-11-19 13:41:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-11-19 13:41:29 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-11-19 13:41:29 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-11-19 13:41:29 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-11-19 13:41:29 117760 ------w- c:\windows\system32\prntvpt.dll 2010-11-19 13:41:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-11-19 13:41:28 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-11-19 13:41:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-11-19 13:41:28 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-11-19 13:41:27 -------- d-----w- C:\d8460462b997e73eef 2010-11-19 03:25:35 -------- d-----w- c:\docume~1\stephen\applic~1\Avira 2010-11-19 01:01:10 -------- d-----w- c:\docume~1\stephen\locals~1\applic~1\Temp 2010-11-11 19:05:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-11 19:04:36 -------- d-----w- c:\program files\Avira 2010-11-11 19:04:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-11-11 18:38:44 110080 ----a-r- c:\docume~1\stephen\applic~1\microsoft\installer\{4e97ae47-1293-4669-bbf3-4bde52501a1a}\IconF7A21AF7.exe 2010-11-11 18:38:44 110080 ----a-r- c:\docume~1\stephen\applic~1\microsoft\installer\{4e97ae47-1293-4669-bbf3-4bde52501a1a}\IconD7F16134.exe 2010-11-11 18:38:36 -------- d-----w- C:\sh4ldr 2010-11-11 18:37:44 -------- d-----w- c:\windows\4E97AE4712934669BBF34BDE52501A1A.TMP 2010-11-11 18:37:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2010-11-11 17:13:22 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll 2010-11-11 17:13:21 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll 2010-11-11 17:13:21 953856 -c----w- 
c:\windows\system32\dllcache\mfc40u.dll 2010-11-11 17:12:04 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2010-11-11 17:11:48 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-11-11 17:10:52 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-11-11 17:08:58 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-11-11 17:08:58 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-11-11 17:08:21 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-11-11 17:04:31 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-11-11 16:56:23 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll 2010-11-11 16:47:49 -------- d-----w- c:\docume~1\stephen\applic~1\Malwarebytes 2010-11-11 16:47:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-11 16:47:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-11-11 16:47:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-11 16:47:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware ==================== Find3M ==================== 2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll 2004-08-10 04:30:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. 
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86F7AAB8]
3 CLASSPNP[0xF769EFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000078[0x86EF62A0]
5 ACPI[0xF7515620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86F7F940]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
============= FINISH: 9:25:46.26 ===============
Attach Log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-10.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/12/2006 4:13:22 PM
System Uptime: 11/18/2010 10:54:30 PM (11 hours ago)
Motherboard: Sony Corporation | | Q-Project
Processor: Intel® Pentium® M processor 1.86GHz | N/A | 1321/133mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 87 GiB total, 7.628 GiB free.
D: is Removable E: is CDROM () ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP598: 5/16/2010 11:35:58 AM - System Checkpoint RP599: 6/3/2010 4:41:55 PM - System Checkpoint RP600: 11/11/2010 12:42:40 PM - System Checkpoint RP601: 11/11/2010 1:38:30 PM - Installed SpyHunter RP602: 11/11/2010 1:52:35 PM - Avira AntiVir Personal - 11/11/2010 13:52 RP603: 11/18/2010 7:44:14 PM - Software Distribution Service 3.0 RP604: 11/18/2010 9:27:43 PM - Configured FP3 Player RP605: 11/18/2010 9:46:11 PM - Removed MobileMe Control Panel RP606: 11/19/2010 8:34:42 AM - Software Distribution Service 3.0 ==== Installed Programs ====================== Sansa Media Converter Adobe Acrobat 5.0 Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop 7.0 Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe Shockwave Player 11 AoA DVD Copy Apple Mobile Device Support Apple Software Update Avira AntiVir Personal - Free Antivirus Bonjour Click to DVD 2.0.03 Menu Data Click to DVD 2.5.20 Critical Update for Windows Media Player 11 (KB959772) Digital Photo Navigator 1.5 DVgate Plus Google Chrome HDAUDIO SoftV92 Data Fax Modem with SmartCP High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Image Converter 2 Plus Intel® Graphics Media Accelerator Driver for Mobile Intel® PROSet/Wireless Software InterActual Player InterVideo WinDVD for VAIO ISScript iTunes J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 Java 6 Update 11 Macromedia Flash Player 8 Malwarebytes' Anti-Malware mCore mDriver Memory Stick Formatter Microsoft .NET 
Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Access 2000 Runtime Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Digital Image Library 9 - Blocker Microsoft Digital Image Starter Edition 2006 Microsoft Digital Image Starter Edition 2006 Editor Microsoft Digital Image Starter Edition 2006 Library Microsoft Office Professional Edition 2003 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Desktop Engine (EMMSDE) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works mMHouse Move Media Player mPfMgr mProSafe MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) mWlsSafe mXML Netflix Movie Viewer Netscape Browser (remove only) Office 2003 Trial Assistant OpenMG Secure Module 4.4.00 PCFriendly pdfFactory Photodex Presenter PowerDVD QuickTime Realtek High Definition Audio Driver Rhapsody Player Engine Roxio DigitalMedia Audio Roxio DigitalMedia Copy Roxio DigitalMedia Data Safari Search Enhancement by AOL Search Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB960714) Security Update for Windows Internet Explorer 8 (KB961260) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media 
Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) 
Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for 
Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Setting Utility Series SonicStage 3.4 Sony Certificate PCH Sony MP4 Shared Library Sony Utilities DLL Sony Video Shared Library SpyHunter Unity Web Player Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VAIO Breeze Wallpaper VAIO Camera Utility VAIO Central VAIO Entertainment Platform VAIO Event Service VAIO Light Flo Wallpaper VAIO Media 5.0 VAIO Media AC3 Decoder 1.0 VAIO Media Integrated Server 5.0 VAIO Media Redistribution 5.0 VAIO Media Registration Tool 5.0 VAIO Original Screen Saver VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents VAIO Power Management VAIO Registration VAIO Security Center VAIO Support Central VAIO Update 2 VAIO Wireless LAN Setup Utility VAIOSurveySA Viewpoint Media Player WebEx WebFldrs XP Winamp Windows Backup Utility Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 8 Beta 2 Windows Live installer Windows Live Mail Windows Live Messenger Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Writer Windows Media Format 11 runtime Windows Media Player 10 Hotfix - KB894476 Windows Media Player 10 Hotfix [see KB886612 for more information] Windows Media Player 11 Windows Media Player Hotfix [see KB832353 for more information] Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 11/19/2010 9:24:38 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0. 
11/19/2010 8:50:43 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 0013A935420A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/18/2010 9:46:45 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/18/2010 9:09:45 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file serscan.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.0.
11/18/2010 7:39:19 PM, error: Service Control Manager [7000] - The tmcomm service failed to start due to the following error: The system cannot find the file specified.
11/18/2010 7:39:19 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
==== End Of File ===========================
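The "Pseudo HJT Report" section of the DDS log posted above is the part a responder reads first: BHO and toolbar registrations, per-user (uRun = HKCU) and per-machine (mRun = HKLM) autoruns, and the DPF entries recording where ActiveX controls were downloaded from. The script below is an added example, not code from the original post, from the DDS tool or from this forum. It parses lines in that format and pulls out the three things worth checking first: COM registrations whose DLL is gone ("No File"), autoruns whose image is a bare filename resolved through the search path or that execute from the user profile, and the hosts that served ActiveX controls. The sample lines are a constructed subset modelled on the log above; the function names are this example's own.

```python
"""Triage helpers for the 'Pseudo HJT Report' section of a DDS log.

Added example; not part of the posted logs or of the DDS tool. Parses
BHO / TB / uRun / mRun / DPF / Trusted Zone lines and reports the
entries a responder checks first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set
from urllib.parse import urlsplit

# Constructed sample in the DDS format, modelled on the posted log
# (raw string, so the Windows backslashes are kept as written).
SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\stephen\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {CBF95A06-D408-46E3-8077-37E5B098EB84} - hxxps://ilnet.wellsfargo.com/ilonline/hmUpload/enclickloanwf.cab
Trusted Zone: verizon.com
"""


@dataclass
class Entry:
    kind: str            # BHO, TB, uRun, mRun, DPF, Trusted Zone
    name: Optional[str]  # display name or autorun value name, if any
    clsid: Optional[str]
    target: str          # DLL path, command line, download URL or zone host


CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
PATTERNS = [
    # "BHO: Name: {clsid} - path" or "TB: {clsid} - No File"
    re.compile(rf"^(?P<kind>BHO|TB):\s*(?:(?P<name>[^{{]*?):\s*)?(?P<clsid>{CLSID})\s*-\s*(?P<target>.*)$"),
    # "uRun: [value name] command line"  (u = HKCU, m = HKLM)
    re.compile(r"^(?P<kind>[um]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<target>.*)$"),
    # "DPF: {clsid} - download URL"; DDS defangs http:// as hxxp://
    re.compile(rf"^(?P<kind>DPF):\s*(?P<clsid>{CLSID})\s*-\s*(?P<target>.*)$"),
    re.compile(r"^(?P<kind>Trusted Zone):\s*(?P<target>\S+)$"),
]


def parse_hjt(text: str) -> List[Entry]:
    """Turn the report lines into Entry records; unknown lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for pat in PATTERNS:
            m = pat.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(g["kind"], g.get("name"), g.get("clsid"), g["target"].strip()))
                break
    return entries


def orphaned_com(entries: List[Entry]) -> List[str]:
    """CLSIDs of BHO/toolbar registrations whose DLL is missing. Usually
    uninstall leftovers, but an unnamed one should still be resolved under
    HKCR\\CLSID before it is written off."""
    return [e.clsid for e in entries if e.kind in ("BHO", "TB") and e.target == "No File"]


def _executable(command: str) -> str:
    """Image of an autorun command: the quoted path, or the first bare token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def bare_autoruns(entries: List[Entry]) -> List[str]:
    """Run values whose image has no directory, so it is located via the
    search path; a same-named file earlier in the path would run instead."""
    out = []
    for e in entries:
        exe = _executable(e.target)
        if e.kind.endswith("Run") and "\\" not in exe and ":" not in exe:
            out.append(e.name)
    return out


def profile_autoruns(entries: List[Entry]) -> List[str]:
    """Run values executing from a user profile, writable without admin
    rights and therefore the usual landing spot for droppers."""
    out = []
    for e in entries:
        exe = _executable(e.target).lower()
        if e.kind.endswith("Run") and ("\\documents and settings\\" in exe or "\\users\\" in exe):
            out.append(e.name)
    return out


def dpf_origins(entries: List[Entry]) -> Set[str]:
    """Hosts that served ActiveX controls (hxxp re-armed to http for parsing)."""
    hosts = set()
    for e in entries:
        if e.kind == "DPF":
            host = urlsplit(re.sub(r"^hxxp", "http", e.target, count=1)).hostname
            if host:
                hosts.add(host)
    return hosts


if __name__ == "__main__":
    es = parse_hjt(SAMPLE)
    print("orphaned COM objects:", orphaned_com(es))
    print("autoruns resolved via search path:", bare_autoruns(es))
    print("autoruns in user profile:", profile_autoruns(es))
    print("ActiveX download origins:", sorted(dpf_origins(es)))
```

Run against the sample it lists the two "No File" CLSIDs, RTHDCPL as the one autorun given without a path, Google Update as the one running from the profile, and the two hosts that served .cab controls. None of these is a verdict: a bare RTHDCPL.EXE and a per-user Google Update are normal on a VAIO of that era, and the point of the pass is to shortlist what to resolve against the registry and the file system, not to declare an infection.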
  15. I am getting redirects or popups in all of my browsers. I get the google analytics & epoclick popups. I cannot download hijackthis. Need help, please. Here is the log from MWB:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5095
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18241
11/18/2010 9:55:12 PM
mbam-log-2010-11-18 (21-55-12).txt
Scan type: Quick scan
Objects scanned: 178248
Time elapsed: 34 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)