Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help please

Re: Help please

Post by Qubie » November 14th, 2009, 12:00 am

New DDS log for review. Hope we can get this fixed soon. I hate not being able to search for things.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Charlie at 21:47:16.40 on Fri 11/13/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1032 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\hasplms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Charlie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\charlie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\windows\system32\ c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\charlie\appdata\roaming\mozilla\firefox\profiles\m4ml714g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\charlie\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\charlie\appdata\roaming\mozilla\firefox\profiles\m4ml714g.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\users\charlie\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-4 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-4 29520]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-4-24 347648]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]

=============== Created Last 30 ================

2009-11-11 23:17:16 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 23:17:11 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 03:57:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 03:57:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 03:57:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 14:05:41 0 d-----w- C:\32788R22FWJFW.5.tmp
2009-11-05 14:04:17 0 d-----w- C:\32788R22FWJFW.4.tmp
2009-11-05 14:03:38 256 ----a-w- c:\windows\system32\pool.bin
2009-11-04 14:22:44 0 d-----w- c:\users\charlie\appdata\roaming\webex
2009-11-04 14:22:27 0 d-----w- c:\programdata\WebEx
2009-11-04 14:15:48 0 d-----w- C:\32788R22FWJFW.3.tmp
2009-11-04 14:11:54 0 d-----w- C:\32788R22FWJFW.0.tmp
2009-11-04 13:16:05 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-11-04 13:13:53 131 ----a-w- c:\windows\CRC.INI
2009-11-04 13:12:32 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-04 13:12:32 179792 ----a-w- c:\windows\system32\guard32.dll
2009-11-04 13:12:32 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-04 03:32:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-02 14:01:18 98816 ----a-w- c:\windows\sed.exe
2009-11-02 14:01:18 77312 ----a-w- c:\windows\MBR.exe
2009-11-02 14:01:18 236544 ----a-w- c:\windows\PEV.exe
2009-11-02 14:01:18 161792 ----a-w- c:\windows\SWREG.exe
2009-11-01 16:20:54 0 d-----w- c:\program files\iPod
2009-11-01 16:20:51 0 d-----w- c:\program files\iTunes
2009-11-01 14:59:32 0 d-----w- C:\32788R22FWJFW.2.tmp
2009-11-01 14:57:21 0 d-----w- C:\32788R22FWJFW.1.tmp
2009-10-29 13:15:15 0 d-----w- c:\program files\common files\Sonic Shared
2009-10-29 13:15:14 0 d-----w- c:\program files\Roxio
2009-10-28 13:20:58 0 d-----w- c:\program files\Trend Micro
2009-10-28 11:32:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 11:32:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 02:05:35 0 d-----w- c:\users\charlie\appdata\roaming\Malwarebytes
2009-10-22 02:05:26 0 d-----w- c:\programdata\Malwarebytes
2009-10-21 13:21:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-18 17:44:12 0 d-----w- c:\programdata\Lavasoft
2009-10-16 02:49:37 0 d-----w- c:\users\charlie\Office Genuine Advantage

==================== Find3M ====================

2009-11-04 13:13:56 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-04 13:13:56 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-04 13:13:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 10:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 02:36:59 262144 ----a-w- C:\ntuser.dat
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-06-03 01:47:09 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-11 13:45:55 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-11 13:45:55 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-11 13:45:55 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-11 13:45:55 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 21:49:54.02 ===============

Here is the attach.txt


DDS (Ver_09-10-26.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 4/4/2009 10:19:37 PM
System Uptime: 11/12/2009 7:57:55 AM (38 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 51.699 GiB free.
D: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 149 GiB total, 40.118 GiB free.
J: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_020D1028&REV_02\3&2411E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_020D1028&REV_02\3&2411E6FE&0&FB
Service:

==== System Restore Points ===================

RP352: 11/3/2009 1:00:03 AM - Scheduled Checkpoint
RP353: 11/3/2009 2:42:30 AM - Windows Update
RP354: 11/3/2009 10:42:21 PM - Windows Update
RP356: 11/4/2009 8:12:40 AM - COMODO Registry Cleaner 04-11-09_07-12-40
RP357: 11/4/2009 8:13:45 AM - Device Driver Package Install: COMODO Network Service
RP358: 11/5/2009 1:00:02 AM - Scheduled Checkpoint
RP359: 11/6/2009 1:00:05 AM - Scheduled Checkpoint
RP360: 11/7/2009 1:00:06 AM - Scheduled Checkpoint
RP361: 11/7/2009 3:14:56 AM - Windows Update
RP362: 11/8/2009 2:19:27 AM - Scheduled Checkpoint
RP363: 11/9/2009 12:00:06 AM - Scheduled Checkpoint
RP364: 11/9/2009 1:37:44 PM - Installed Java(TM) 6 Update 17
RP365: 11/9/2009 3:31:56 PM - Windows Update
RP366: 11/11/2009 1:03:36 AM - Scheduled Checkpoint
RP367: 11/11/2009 11:01:40 PM - Windows Update
RP368: 11/13/2009 12:00:04 AM - Scheduled Checkpoint
RP369: 11/13/2009 2:17:42 AM - Windows Update

==== Installed Programs ======================

4D Embroidery System 8.0
4D Embroidery System 8.2 Documentation Update
4D Embroidery System 8.21A Update
4D Embroidery System 8.21B Update
4D Embroidery System 8.3 Update
AAC Decoder
AC3Filter (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
CA Yahoo! Anti-Spy (remove only)
Choice Guard
COMODO Internet Security
COMODO Registry Cleaner 1.0.17.23
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EQ5
EQ6
EQ6 Update
H.264 Decoder
HASP Device Drivers
HASP SRM Run-time
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Japanese Fonts Support For Adobe Reader 9
Java(TM) 6 Update 17
Junk Mail filter update
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Platform Installer 2.0 RC
MKV Splitter
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OverDrive Media Console
PDF to PNG Converter
Picasa 3
QuickTime
RapidShare Manager
Realtek High Definition Audio Driver
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Spelling Dictionaries Support For Adobe Reader 9
STASH
TweetDeck
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb975960)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! BrowserPlus
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

11/9/2009 7:47:34 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BOONE2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{328E4CBA-8A78-4731-8C4F-E97B743CCF8. The master browser is stopping or an election is being forced.
11/8/2009 4:59:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BOONE1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{328E4CBA-8A78-4731-8C4F-E97B743CCF8. The master browser is stopping or an election is being forced.
11/12/2009 8:00:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
11/11/2009 11:06:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/11/2009 11:06:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/11/2009 11:03:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================

Thanks again.
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am

Re: Help please

Post by gringo_pr » November 14th, 2009, 11:24 pm

Hello Qubie

In order to let ComboFix do the job that it needs to do, I am going to need you to temporarily uninstall Comodo. When we are done you can install it back after we have finished.

Next, I would like you to delete the ComboFix you have now and download a new copy from one of the links below (it gets updated a lot).

Link 1
Link 2

Then I would like you to try and run it again, please.

Also, can you tell me some of the sites you get redirected to? Sometimes that will help us pinpoint what is wrong.

thanks gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Help please

Post by Qubie » November 15th, 2009, 10:57 am

Hey, it worked this time. I think Comodo might have been keeping it from running last time, or maybe there was an update. Whatever the case may be, here is the log and the sites that I get when I do a search.

ComboFix 09-11-15.02 - Charlie 11/15/2009 8:26..2 - FAT32x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1115 [GMT -6:00]
Running from: c:\users\Charlie\Desktop\Husylock Pics\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-15 14:34 . 2009-11-15 14:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-15 14:34 . 2009-11-15 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-15 14:34 . 2009-11-15 14:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-11-11 23:17 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 23:17 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-07 13:57 . 2009-11-07 13:57 -------- d-----w- c:\windows\Sun
2009-11-07 03:57 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 03:57 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 03:57 . 2009-11-07 03:57 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 14:05 . 2009-11-05 14:07 40960 d-----w- C:\32788R22FWJFW.5.tmp
2009-11-05 14:04 . 2009-11-05 14:05 40960 d-----w- C:\32788R22FWJFW.4.tmp
2009-11-05 14:03 . 2009-11-05 14:04 256 ----a-w- c:\windows\system32\pool.bin
2009-11-05 14:03 . 2009-11-05 14:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Research In Motion
2009-11-04 14:21 . 2009-11-04 14:21 61848 ----a-w- c:\users\Charlie\AppData\Roaming\Mozilla\plugins\npatgpc.dll
2009-11-04 14:15 . 2009-11-05 14:04 40960 d-----w- C:\32788R22FWJFW.3.tmp
2009-11-04 13:16 . 2009-11-15 14:15 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-11-04 13:12 . 2009-11-04 13:12 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-02 14:24 . 2009-11-15 14:34 28672 d-----w- c:\users\Charlie\AppData\Local\temp
2009-11-01 16:20 . 2009-11-01 16:20 -------- d-----w- c:\program files\iPod
2009-11-01 16:20 . 2009-11-01 16:21 4096 d-----w- c:\program files\iTunes
2009-11-01 16:16 . 2009-11-01 16:16 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-01 14:59 . 2009-11-01 15:22 40960 d-----w- C:\32788R22FWJFW.2.tmp
2009-11-01 14:57 . 2009-11-01 14:59 40960 d-----w- C:\32788R22FWJFW.1.tmp
2009-10-30 01:10 . 2009-10-30 01:10 -------- d-----w- c:\users\Charlie\AppData\Roaming\Roxio
2009-10-29 13:15 . 2009-10-29 13:15 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-10-29 13:15 . 2009-10-29 13:16 4096 d-----w- c:\program files\Roxio
2009-10-28 13:20 . 2009-10-28 13:20 -------- d-----w- c:\program files\Trend Micro
2009-10-28 11:32 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 11:32 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 02:05 . 2009-10-22 02:05 -------- d-----w- c:\users\Charlie\AppData\Roaming\Malwarebytes
2009-10-22 02:05 . 2009-10-22 02:05 -------- d-----w- c:\programdata\Malwarebytes
2009-10-21 13:21 . 2009-10-22 02:00 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-18 17:44 . 2009-10-21 13:27 -------- d-----w- c:\programdata\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 14:16 . 2009-04-05 01:43 -------- d-----w- c:\program files\COMODO
2009-11-12 13:58 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 05:06 . 2009-04-07 16:26 12288 d-----w- c:\programdata\Microsoft Help
2009-11-09 19:39 . 2009-04-05 19:26 -------- d-----w- c:\program files\Java
2009-11-09 17:46 . 2009-04-07 13:23 8192 d-----w- c:\users\Charlie\AppData\Roaming\LimeWire
2009-11-05 14:02 . 2009-07-31 13:12 119488 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-05 14:02 . 2009-07-31 13:21 -------- d-----w- c:\users\Administrator\AppData\Roaming\Yahoo!
2009-11-03 02:42 . 2009-10-03 12:16 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 16:20 . 2009-08-19 16:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-01 14:32 . 2009-09-23 02:33 -------- d-----w- c:\users\Charlie\AppData\Roaming\Research In Motion
2009-10-29 13:28 . 2009-04-05 01:26 119488 ----a-w- c:\users\Charlie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-29 13:19 . 2009-09-22 15:01 4096 d-----w- c:\program files\Common Files\Roxio Shared
2009-10-29 13:16 . 2009-04-20 03:45 4096 d-----w- c:\program files\Common Files\PX Storage Engine
2009-10-29 13:15 . 2009-09-22 15:01 -------- d-----w- c:\programdata\Roxio
2009-10-29 12:54 . 2009-10-03 13:07 -------- d-----w- c:\programdata\Research In Motion
2009-10-22 01:59 . 2009-04-05 01:49 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-21 13:06 . 2009-08-01 02:16 4096 d-----w- c:\program files\Pdf to Png Converter 3000
2009-10-19 13:29 . 2009-04-05 18:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 14:02 . 2009-10-13 14:02 -------- d-----w- c:\program files\AVG
2009-10-12 02:09 . 2009-10-12 02:09 -------- d-----w- c:\users\Charlie\AppData\Roaming\InstallShield
2009-10-11 21:03 . 2009-10-11 21:03 4096 d-----w- c:\program files\Microsoft Games
2009-10-11 10:17 . 2009-04-05 19:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 02:45 . 2009-10-10 02:45 -------- d-----w- c:\program files\Sloud
2009-10-10 02:36 . 2009-10-10 02:20 -------- d-----w- c:\program files\Remove Duplicate Songs
2009-10-10 02:34 . 2009-10-10 02:21 -------- d-----w- c:\users\Charlie\AppData\Roaming\Remove Duplicate Songs
2009-10-10 00:58 . 2009-08-19 16:57 4096 d-----w- c:\users\Charlie\AppData\Roaming\Apple Computer
2009-10-04 02:02 . 2009-10-04 02:02 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-03 13:07 . 2009-09-22 14:54 -------- d-----w- c:\program files\Research In Motion
2009-10-03 13:03 . 2009-09-22 14:54 4096 d-----w- c:\program files\Common Files\Research In Motion
2009-09-25 03:06 . 2009-04-11 15:38 -------- d-----w- c:\users\Charlie\AppData\Roaming\Yahoo!
2009-09-23 08:00 . 2009-09-23 08:00 -------- d-----w- c:\program files\MSXML 4.0
2009-09-23 02:36 . 2009-09-23 02:36 262144 ----a-w- C:\ntuser.dat
2009-09-23 02:36 . 2009-04-11 15:38 4096 d-----w- c:\programdata\Yahoo! Companion
2009-09-23 02:36 . 2009-04-11 15:35 4096 d-----w- c:\program files\Yahoo!
2009-09-23 02:36 . 2009-04-11 15:35 -------- d-----w- c:\programdata\Yahoo!
2009-09-22 15:06 . 2009-09-22 15:06 -------- d-----w- c:\programdata\InstallShield
2009-09-22 15:05 . 2009-09-22 15:05 -------- d-----w- c:\programdata\Sonic
2009-09-22 15:01 . 2009-04-05 17:47 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-14 09:29 . 2009-10-14 02:20 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 02:20 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 02:20 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 23:34 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 23:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 02:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 02:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 02:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 02:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-04-07 00:29 . 2009-04-07 00:29 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-07 00:29 . 2009-04-07 00:29 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-28 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-28 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-17 4907008]

c:\users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-8-31 1799512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):07,d4,95,6a,ee,e3,c9,01

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [12/5/2007 5:17 AM 77824]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [3/30/2009 3:28 PM 1533808]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [4/24/2009 1:31 AM 347648]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [1/20/2008 8:23 PM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [1/20/2008 8:23 PM 251904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\m4ml714g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Charlie\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\Charlie\AppData\Roaming\Mozilla\Firefox\Profiles\m4ml714g.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\users\Charlie\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 08:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-15 08:37
ComboFix-quarantined-files.txt 2009-11-15 14:37
ComboFix2.txt 2009-11-02 14:24

Pre-Run: 53,406,433,280 bytes free
Post-Run: 53,515,673,600 bytes free

- - End Of File - - A6F2A5478C89A8E2ABC65A26FB8A8E8A

Sites from search:

http://www.healthvideo.com/heart-health ... olesterol|

http://www.toseeka.com/search.php?q=moda

http://www.caring4cancer.com/?ref=[PID]

http://www.myoptumhealth.com/portal/Inf ... icked=true

http://www.bighealthtree.com/video/s-2/

It seems that they are health web sites that I keep getting sent to. Is this someone's way of telling me I need to watch my health? lol

Charlie
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am

Re: Help please

Unread postby gringo_pr » November 16th, 2009, 2:51 am

Hello Qubie

:P2P Warning!:

I must draw your attention to the >malwareremoval< policy regarding P2P programs. You must uninstall all P2P programs before I can continue with cleaning your computer.

go to Start > Control Panel > Add/Remove Programs
If present, remove the following programs:


Limewire
etc


*NOTE* Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.


If you continue to use P2P programs, we see no purpose in cleaning your machine as it is pretty much certain that, if you continue to use them, your computer will get infected again.

:upload files to jotti:

    Please upload a file for scanning:
    • Open virusscan.jotti
    • Copy/paste this file and path into the white box at the top:

    c:\windows\system32\ws2_32.dll

    Press Submit - this will submit the file for testing.
    Please wait for all the scanners to finish then copy and paste the results in your next response.

    save the report and send with your next reply
    Note: If Jotti is busy, you can use VirusTotal instead.

gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Help please

Unread postby Qubie » November 16th, 2009, 11:38 pm

Filename: ws2_32.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 17 Nov 2009 04:32:30 (CET) Permalink


We will get to the bottom of this soon I hope.
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am

Re: Help please

Unread postby gringo_pr » November 17th, 2009, 10:18 pm

Hello Qubie

We will get to the bottom of this soon I hope.
Oh we will (I hope)

I have a couple of great people checking on this also.

Question - does this happen only in Firefox, or does it happen in both Firefox and IE?

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

GooredFix

Please download GooredFix and save it to your Desktop.

  • Double-click Goored.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply
      (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.

:information and logs:

    In your next post I need the following

    1. log from Goored fix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Help please

Unread postby Qubie » November 18th, 2009, 2:03 pm

GooredFix by jpshortstuff (18.11.09.1)
Log created at 12:00 on 18/11/2009 (Charlie)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [05:59 05/04/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [19:26 05/04/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [19:07 09/08/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [01:18 21/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:39 09/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:22 05/04/2009]

---------- Old Logs ----------
GooredFix[17.55.55_18-11-2009].txt
GooredFix[17.56.08_18-11-2009].txt
GooredFix[17.57.37_18-11-2009].txt

-=E.O.F=-

It never did ask me to hit 1 or 2, it just gave me this log.

Computer is still going to the wrong sites.
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am

Re: Help please

Unread postby gringo_pr » November 18th, 2009, 9:46 pm

Hello Charlie

here is what I would like you to do next

Download OTL to your desktop.

Double click the icon to start the tool.

Look toward the bottom of the window and you'll see a 'Custom Scans/Fixes' area. Copy/paste the following bolded text into that area:

%systemroot%\system32\drivers\*.sys

In the upper left corner of the window:
  • Click the None button
  • Click Run Scan.
When the scan is complete, the log will pop open in Notepad. Please attach that report to your next post.

please let me have the log it makes

gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
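As an added example (not OTL's own code and not anything posted in this thread), here is a small Python parser for the driver listing that OTL's `%systemroot%\system32\drivers\*.sys` custom scan produces, applying the two triage checks a helper reads such a listing with: a driver whose company-name parentheses are empty, and a driver modified inside OTL's 30-day "File Age" window. The sample lines are copied from the log posted in reply, with one constructed anonymous entry (placeholder file name) added; the four-letter attribute column is parsed but not interpreted.

```python
import re
from datetime import datetime, timedelta

# One file line of an OTL "Custom Scans" listing, e.g.
# [2006/11/02 02:55:12 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
# Fields: modification stamp | size | attribute flags | M(odified)/C(reated) ] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[^|\]]{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>\S.*)$"
)

# Constructed sample: four lines taken from the posted OTL log plus one made-up
# entry with no company name (OTL prints "()" when the file carries none).
SAMPLE_LOG = r"""
========== Custom Scans ==========

< %systemroot%\system32\drivers\*.sys >
[2006/11/02 02:55:12 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2009/11/04 07:12:31 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/12 03:14:15 | 00,041,216 | ---- | M] () -- C:\Windows\System32\drivers\PLACEHOLDER_unknown.sys
[2008/01/20 20:23:26 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS
"""

# Scan time taken from the posted OTL header ("11/19/2009 8:24:43 AM").
SCAN_TIME = datetime(2009, 11, 19, 8, 24, 43)


def parse_otl_listing(text):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "modified": datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "kind": m["kind"],
            "company": m["company"].strip(),
            "path": m["path"].strip(),
        })
    return entries


def flag_suspicious(entries, scan_time, recent_days=30):
    """Flag drivers with no company name or modified within the file-age window.

    Both are starting points for a human review, not verdicts: a freshly
    updated security product (inspect.sys here) trips the age check too.
    """
    cutoff = scan_time - timedelta(days=recent_days)
    flagged = []
    for e in entries:
        reasons = []
        if not e["company"]:
            reasons.append("no company name")
        if e["modified"] >= cutoff:
            reasons.append("modified in last %d days" % recent_days)
        if reasons:
            flagged.append({"path": e["path"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious(parse_otl_listing(SAMPLE_LOG), SCAN_TIME):
        print(hit["path"], "->", ", ".join(hit["reasons"]))
```

Running it on the real OTL log means pasting the whole "Custom Scans" section into SAMPLE_LOG (or reading the file) and setting SCAN_TIME from the log header.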

Re: Help please

Unread postby Qubie » November 19th, 2009, 10:25 am

OTL logfile created on: 11/19/2009 8:24:43 AM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\Charlie\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.28% Memory free
4.00 Gb Paging File | 3.27 Gb Available in Paging File | 81.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.77 Gb Total Space | 49.46 Gb Free Space | 21.25% Space Free | Partition Type: NTFS
Drive D: | 451.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 149.05 Gb Total Space | 40.12 Gb Free Space | 26.92% Space Free | Partition Type: NTFS
Drive J: | 1.89 Gb Total Space | 1.81 Gb Free Space | 95.94% Space Free | Partition Type: FAT

Computer Name: QUBIE
Current User Name: Charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========


< >

< %systemroot%\system32\drivers\*.sys >
[2006/11/02 02:55:12 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2009/04/11 00:32:46 | 00,265,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2008/01/20 20:23:45 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
[2008/01/20 20:23:50 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
[2008/01/20 20:23:50 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys
[2008/01/20 20:23:51 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
[2009/04/10 22:47:03 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2008/01/20 20:23:26 | 00,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AGP440.sys
[2009/04/21 15:37:42 | 00,011,520 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\aksclass.sys
[2009/01/16 11:42:28 | 00,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\aksfridge.sys
[2009/04/21 15:37:40 | 00,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\akshasp.sys
[2009/04/21 15:37:34 | 00,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\akshhl.sys
[2009/04/21 15:37:36 | 00,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\aksusb.sys
[2008/01/20 20:23:26 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys
[2008/01/20 20:23:26 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS
[2008/01/20 20:23:26 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys
[2008/01/20 20:23:26 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys
[2008/01/20 20:23:26 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys
[2008/01/20 20:23:48 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
[2008/01/20 20:23:49 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
[2008/01/20 20:24:30 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\asyncmac.sys
[2009/04/11 00:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:42 | 00,109,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2008/01/20 20:23:26 | 00,028,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2008/01/20 20:23:57 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2008/01/20 20:24:11 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys
[2008/01/20 20:23:27 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\blbdrive.sys
[2008/01/20 20:24:17 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys
[2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys
[2009/04/10 23:42:55 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys
[2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys
[2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys
[2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys
[2006/11/02 02:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys
[2008/01/20 20:24:15 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdfs.sys
[2007/02/02 03:00:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2007/02/02 03:00:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2009/04/10 22:39:17 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2008/01/20 20:23:50 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys
[2009/04/11 00:32:43 | 00,125,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2008/01/20 20:23:26 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys
[2008/01/20 20:23:26 | 00,020,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/04/11 00:32:30 | 00,035,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2008/01/20 20:23:46 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys
[2008/01/20 20:23:26 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys
[2009/04/10 22:14:52 | 00,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys
[2009/04/10 22:14:12 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/04/11 00:32:31 | 00,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/10 22:39:11 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
[2008/01/20 20:23:45 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2008/01/20 20:23:45 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys
[2009/04/11 00:32:29 | 00,027,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2008/01/20 20:24:47 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2009/04/10 22:23:23 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/09/24 19:27:25 | 00,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/01/20 20:23:50 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys
[2008/01/20 20:23:49 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys
[2009/04/11 00:32:43 | 00,141,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2008/01/20 20:23:46 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
[2008/01/20 20:23:26 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\errdev.sys
[2009/04/10 22:13:53 | 00,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/04/10 22:13:52 | 00,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2008/01/20 20:23:44 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fdc.sys
[2008/01/20 20:24:29 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys
[2008/01/20 20:24:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys
[2008/01/20 20:23:44 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\flpydisk.sys
[2009/04/11 00:32:46 | 00,190,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2008/01/20 20:24:32 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/04/11 00:32:43 | 00,099,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2008/01/20 20:23:46 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS
[2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/03/13 10:55:28 | 00,586,752 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\hardlock.sys
[2009/07/31 07:27:39 | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\Windows\System32\drivers\Haspnt.sys
[2009/04/10 22:42:42 | 00,561,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2006/11/02 01:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2006/11/02 02:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys
[2009/04/10 22:42:48 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2006/11/02 02:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys
[2008/01/20 20:23:51 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/04/10 22:42:48 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2008/01/20 20:23:51 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys
[2009/04/10 22:45:32 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2008/01/20 20:23:28 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omgmt.sys
[2008/01/20 20:23:28 | 00,030,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i2omp.sys
[2008/01/20 20:23:44 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2008/01/20 20:23:47 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys
[2009/11/04 07:12:31 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2008/01/20 20:23:26 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelide.sys
[2008/01/20 20:23:26 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\intelppm.sys
[2008/01/20 20:25:09 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipfltdrv.sys
[2008/01/20 20:23:46 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys
[2008/01/20 20:24:51 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipnat.sys
[2008/01/20 20:24:56 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys
[2008/01/20 20:24:18 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys
[2008/01/20 20:23:26 | 00,049,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\isapnp.sys
[2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys
[2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys
[2008/01/20 20:23:48 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/04/10 22:38:40 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/04/10 22:38:49 | 00,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/06/15 17:15:25 | 00,439,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2008/01/20 20:25:02 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys
[2008/01/20 20:23:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys
[2008/01/20 20:23:50 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys
[2008/01/20 20:23:47 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys
[2008/01/20 20:25:02 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2008/01/20 20:25:10 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2008/01/20 20:23:51 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys
[2008/01/20 20:23:51 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\MegaSR.sys
[2008/01/20 20:25:22 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys
[2008/01/20 20:23:46 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/01/20 20:23:44 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2008/01/20 20:23:44 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2008/01/20 20:24:11 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys
[2008/01/20 20:23:45 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys
[2008/01/20 20:25:11 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys
[2009/04/10 22:14:40 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/04/10 22:14:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/04/10 22:14:36 | 00,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/10 22:14:29 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2008/01/20 20:23:26 | 00,028,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys
[2008/01/20 20:23:45 | 00,094,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys
[2008/01/20 20:24:15 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys
[2008/01/20 20:23:26 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys
[2009/04/11 00:32:46 | 00,180,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2008/01/20 20:25:18 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys
[2008/01/20 20:25:18 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys
[2008/01/20 20:25:18 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys
[2009/04/11 00:32:46 | 00,161,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2008/01/20 20:23:26 | 00,031,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mssmbios.sys
[2008/01/20 20:25:18 | 00,006,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys
[2009/04/11 00:32:31 | 00,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/04/11 00:32:49 | 00,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2008/01/20 20:24:50 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/01/20 20:25:20 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys
[2009/04/10 22:46:32 | 00,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2008/01/20 20:24:50 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2008/01/20 20:24:46 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys
[2009/04/10 22:45:37 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 00:32:46 | 00,223,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys
[2009/04/10 22:14:01 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2008/01/20 20:25:11 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys
[2009/04/11 00:32:49 | 01,083,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys
[2008/01/20 20:24:14 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys
[2009/03/27 23:03:00 | 07,738,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2008/01/20 20:23:45 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 20:23:45 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 20:23:26 | 00,109,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS
[2009/04/10 22:43:28 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2006/11/02 02:55:16 | 00,062,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/04/10 22:45:51 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2006/11/02 02:51:30 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parport.sys
[2009/04/11 00:32:31 | 00,054,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2006/11/02 02:51:23 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\parvdm.sys
[2009/04/11 00:32:55 | 00,149,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/04/11 00:32:49 | 00,014,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/04/11 00:32:52 | 00,043,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2006/11/02 03:51:12 | 00,167,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcmcia.sys
[2006/11/02 03:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys
[2009/04/10 22:42:50 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2008/01/20 20:23:26 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\processr.sys
[2008/11/20 13:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys
[2008/01/20 20:23:49 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys
[2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys
[2008/01/20 20:23:57 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys
[2008/01/20 20:24:45 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasacd.sys
[2008/01/20 20:25:21 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasl2tp.sys
[2009/04/10 22:46:30 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2008/01/20 20:25:21 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspptp.sys
[2009/04/10 22:46:40 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/04/10 22:14:29 | 00,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2008/01/20 20:24:32 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys
[2009/04/10 22:52:34 | 00,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2008/01/20 20:25:17 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys
[2009/04/10 22:51:27 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/01/09 15:18:02 | 00,027,136 | ---- | M] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
[2008/05/20 17:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\Windows\System32\drivers\RimUsb.sys
[2009/04/10 22:45:24 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/10 22:46:07 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2008/01/20 20:25:17 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys
[2008/01/20 20:25:02 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys
[2008/01/24 10:06:40 | 02,054,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/04/24 01:31:12 | 00,347,648 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys
[2006/11/02 03:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys
[2008/01/20 20:24:18 | 00,142,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys
[2006/11/02 02:51:25 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serenum.sys
[2006/11/02 02:51:30 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serial.sys
[2008/01/20 20:23:44 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2008/01/20 20:23:47 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys
[2008/01/20 20:23:47 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys
[2008/01/20 20:23:47 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys
[2006/11/02 02:51:40 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2008/01/20 20:23:26 | 00,055,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS
[2008/01/20 20:23:50 | 00,041,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sisraid2.sys
[2008/01/20 20:23:51 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
[2009/04/10 22:45:22 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2008/01/20 20:25:21 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2008/01/20 20:24:38 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys
[2009/04/10 20:52:40 | 00,684,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/04/10 22:15:20 | 00,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/09/14 03:29:50 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/04/10 22:15:02 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/11 00:32:54 | 00,122,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/04/10 22:42:47 | 00,052,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2008/01/20 20:23:26 | 00,015,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys
[2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys
[2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys
[2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys
[2008/01/20 20:25:08 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2009/08/14 10:27:34 | 00,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/08/14 07:48:21 | 00,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2008/01/20 20:24:30 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2008/01/20 20:24:34 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys
[2008/01/20 20:24:34 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys
[2009/04/10 22:45:56 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 00:32:52 | 00,053,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2008/01/20 20:25:25 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys
[2008/01/20 20:24:51 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/01/20 20:24:51 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2008/01/20 20:23:46 | 00,059,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS
[2009/04/10 22:13:59 | 00,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2008/01/20 20:23:26 | 00,060,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS
[2008/01/20 20:23:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys
[2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys
[2008/01/20 20:23:47 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys
[2008/01/20 20:23:47 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys
[2008/01/20 20:24:14 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2009/04/10 22:46:08 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/04/10 22:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/04/10 22:42:56 | 00,025,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2008/01/20 20:23:44 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2006/11/02 02:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys
[2008/01/20 20:23:28 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/04/10 22:42:52 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/04/10 22:43:16 | 00,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2006/11/02 02:55:05 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/04/10 22:42:57 | 00,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2006/11/02 03:14:58 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbprint.sys
[2008/01/20 20:23:52 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2009/04/10 22:42:55 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2008/01/20 20:23:28 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbuhci.sys
[2008/01/20 20:25:18 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys
[2008/01/20 20:23:28 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys
[2008/01/20 20:23:26 | 00,056,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VIAAGP.SYS
[2008/01/20 20:23:26 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys
[2008/01/20 20:23:26 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys
[2008/01/20 20:24:09 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2008/01/20 20:23:26 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys
[2009/04/11 00:33:03 | 00,292,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/04/11 00:32:55 | 00,226,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2008/01/20 20:23:48 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys
[2008/01/20 20:23:50 | 00,251,904 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTBS23.SYS
[2008/01/20 20:23:50 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS
[2008/01/20 20:23:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS
[2006/11/02 02:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys
[2008/01/20 20:24:50 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/04/10 22:22:46 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2008/01/20 20:23:49 | 00,022,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys
[2008/01/20 20:24:15 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/01/20 20:24:15 | 00,035,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/01/20 20:23:26 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys
[2008/01/20 20:24:09 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2008/01/20 20:25:11 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/20 20:25:25 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFPf.sys
[2008/01/20 20:25:25 | 00,083,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys
< End of report >
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am
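The driver inventory above is in OTL's listing format: each line is [modified time | size in bytes with thousands separators | attribute flags | M, marking the timestamp as the modification time] (the CompanyName string from the file's version resource) -- full path. What follows is an added example, not part of the log and not OTL's own code, that parses such lines into records so a long listing can be triaged by company and by modification date instead of being read by eye. The five sample lines are copied from the listing above; the names parse_otl_drivers, third_party and modified_since are this example's own. One caveat: the company field is whatever the file's version resource declares, so it is a hint about where to look, not proof of origin. A file that claims to be from Microsoft still needs its Authenticode signature (or its hash against a known-good copy) checked before it is trusted.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

# One OTL driver line looks like:
#   [2009/04/11 00:32:31 | 00,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
# i.e. [modified-time | size | attributes | M] (company from version resource) -- path
LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>.*)\) -- (?P<path>.+)$"
)


@dataclass
class DriverEntry:
    mtime: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str

    @property
    def name(self) -> str:
        # Windows path: split on the backslash so this also works when run on a non-Windows host
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_drivers(text: str) -> List[DriverEntry]:
    """Parse every OTL driver line in `text`; header, footer and blank lines are skipped."""
    entries: List[DriverEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. '< End of report >'
        entries.append(DriverEntry(
            mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),   # OTL sometimes leaves a trailing space in the name
            path=m["path"].strip(),
        ))
    return entries


def third_party(entries: Iterable[DriverEntry],
                trusted: Tuple[str, ...] = ("Microsoft Corporation",)) -> List[DriverEntry]:
    """Drivers whose self-declared company name is not on the trusted list (review these first)."""
    return [e for e in entries if e.company not in trusted]


def modified_since(entries: Iterable[DriverEntry], since: str) -> List[DriverEntry]:
    """Drivers with a modification time at or after `since` (YYYY/MM/DD)."""
    cutoff = datetime.strptime(since, "%Y/%m/%d")
    return [e for e in entries if e.mtime >= cutoff]


def count_by_company(entries: Iterable[DriverEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.company] = counts.get(e.company, 0) + 1
    return counts


# Five lines copied from the driver listing above, plus the report footer.
SAMPLE = r"""
[2009/04/11 00:32:31 | 00,048,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/03/27 23:03:00 | 07,738,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys
[2009/04/24 01:31:12 | 00,347,648 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\RTL8187B.sys
[2009/09/14 03:29:50 | 00,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
< End of report >
"""

if __name__ == "__main__":
    drivers = parse_otl_drivers(SAMPLE)
    print(f"{len(drivers)} drivers parsed")
    for e in third_party(drivers):
        print(f"review: {e.name:<14} {e.company} ({e.size} bytes, {e.mtime:%Y-%m-%d})")
    for e in modified_since(drivers, "2009/09/01"):
        print(f"recent: {e.name} modified {e.mtime:%Y-%m-%d %H:%M}")
```

To use it on a whole log, paste the driver section into a file and call parse_otl_drivers(open(path).read()); the cutoff passed to modified_since is best set to the date the symptoms began, because a driver written at that time by a vendor you do not recognise is the usual place a redirecting rootkit lives.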

Re: Help please

Unread postby gringo_pr » November 20th, 2009, 1:56 am

Hello Charlie

Here is what I would like you to try next.

:use HostsXpert:

    Please download HostsXpert.

    • Unzip HostsXpert.zip
    • Right-click HostsXpert.exe and choose Run as administrator to launch the programme.
    • Check to see if the top button on the left-hand side says Make Writable?
      • If it does, click on it, then proceed to the next instruction.
      • If not, just proceed to the next instruction.
    • Then click on "Restore MS Hosts file" to restore your Hosts file to its default condition.
    • Click on Make Read Only to secure it against further infection.
    • Close the program when complete.

Then let me know if this stops the redirects.

Gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
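The HostsXpert steps above reset %SystemRoot%\System32\drivers\etc\hosts to Microsoft's stock contents and then set the read-only attribute. Here is an added example, not HostsXpert's code and not part of the post, of what a hosts-file audit looks like before you reset anything: every mapping is classified as the stock localhost entry, a sinkhole (a real name pointed at loopback, the usual way malware blocks security vendors' sites) or a redirect (a name pointed at some other address, which is what sends search traffic elsewhere). The sample file is constructed for this example and uses the 192.0.2.0/24 documentation range; the function names are the example's own. Two caveats a practitioner wants: the read-only attribute only deters sloppy malware, since anything running as administrator can clear it, and a hosts file that is already clean tells you the redirect lives elsewhere (DNS server settings, a proxy or LSP, a browser add-on, or a rootkit filtering network traffic), which is the next place to look.

```python
import os
import stat
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Stock Windows Vista hosts file once the comment header is removed: only localhost is mapped.
DEFAULT_HOSTS = "127.0.0.1       localhost\n::1             localhost\n"
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass
class Finding:
    line_no: int
    ip: str
    host: str
    verdict: str   # "default", "sinkhole" or "redirect"


def parse_hosts(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_no, ip, hostname) for every mapping, ignoring comments and blank lines."""
    for n, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]        # one address may carry several names
        for name in names:
            yield n, ip, name.lower()


def audit_hosts(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for n, ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_ENTRIES:
            verdict = "default"
        elif ip in LOOPBACK:
            verdict = "sinkhole"   # name pointed at loopback: that site becomes unreachable
        else:
            verdict = "redirect"   # name pointed at another address: traffic is diverted
        findings.append(Finding(n, ip, host, verdict))
    return findings


def suspicious(text: str) -> List[Finding]:
    """Everything that is not one of the two stock localhost lines."""
    return [f for f in audit_hosts(text) if f.verdict != "default"]


def restore_default(path: str) -> None:
    """Overwrite `path` with the stock mappings and set it read-only, i.e. what the
    'Restore MS Hosts file' and 'Make Read Only' buttons do. Needs admin rights on the real
    file; the read-only attribute only deters, it does not stop code running as admin."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IWRITE | stat.S_IREAD)   # clear read-only if it was set
    with open(path, "w", newline="\r\n") as fh:
        fh.write(DEFAULT_HOSTS)
    os.chmod(path, stat.S_IREAD)


# Constructed sample, not the poster's file: 192.0.2.0/24 is the documentation address range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com search.yahoo.com   # search traffic diverted
127.0.0.1       www.malwarebytes.org              # security site sinkholed
"""

if __name__ == "__main__":
    for f in suspicious(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.verdict:<8} {f.host} -> {f.ip}")
```

Run the audit against a copy of the real file first (audit_hosts(open(path).read())) and keep the copy: the addresses in any redirect lines are the indicator you will want when hunting for the same infection elsewhere on the machine or in your DNS logs.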

Re: Help please

Unread postby Qubie » November 22nd, 2009, 1:24 pm

Hello,

Wish I had good news for you today, but I don't. It still redirects me. Whatever I got, I have it good.
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am

Re: Help please

Unread postby gringo_pr » November 26th, 2009, 9:23 pm

Hello Qubie

I have not forgotten about you. I have been offline for two days and have been researching your problem and asking around about possible solutions. Most of what other people suggest has been done. Before we do any more scans I would like to try one thing: I would like you to do a System Restore to see if that would fix the problem. Pick a restore point from before you think the problem started. If you don't know how to do a System Restore, check this -->link<--

Let me know if this works or not.

Gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Help please

Unread postby Qubie » November 29th, 2009, 7:30 am

The very first thing I had done before I came to this forum was a system restore, because most of the time it would clear my problem. Comodo did find some items that it had me quarantine. Here is the list.


Table: Antivirus Logs
Date Created: 11/29/2009 5:26:06 AM
Log Scope: Today
Records count: 12

Date/Time Action Location Malware Name Status
11/29/2009 12:31:04 AM Detect C:\Users\Administrator\Desktop\ComboFix.exe ApplicUnsaf.Win32.Hide.~AB@5325787 Success
11/29/2009 12:31:04 AM Detect C:\Users\Administrator\Desktop\ComboFix.exe Application.Win32.Nircmd.~@16774100 Success
11/29/2009 12:31:05 AM Detect C:\Users\Administrator\Desktop\ComboFix.exe Application.Win32.Nircmd.~@16774100 Success
11/29/2009 12:31:06 AM Detect C:\Users\Administrator\Desktop\ComboFix.exe Application.Win32.Nircmd.~@16774100 Success
11/29/2009 12:42:52 AM Detect C:\Windows\Installer\$PatchCache$\Managed\E153B171C52AAED4CA00B6B0B7288601\8.0.0\xsutility.bpl Heur.Packed.Unknown Success
11/29/2009 12:43:34 AM Detect C:\Windows\NIRCMD.exe Application.Win32.Nircmd.~@16774100 Success
11/29/2009 12:44:48 AM Detect C:\Windows\System32\config\systemprofile\{18b3828a-3125-4694-a403-2d6eb26acc62}\SETF387.tmp UnclassifiedMalware@15350223 Success
11/29/2009 12:45:00 AM Detect C:\Windows\System32\drivers\aksfridge.sys UnclassifiedMalware@15350223 Success
11/29/2009 12:45:11 AM Detect C:\Windows\System32\DriverStore\FileRepository\akshhl.inf_583eaa35\aksfridge.sys UnclassifiedMalware@15350223 Success
11/29/2009 12:45:12 AM Detect C:\Windows\System32\DriverStore\FileRepository\akshhl.inf_85356057\aksfridge.sys UnclassifiedMalware@15350223 Success
11/29/2009 12:45:13 AM Detect C:\Windows\System32\DriverStore\FileRepository\aksusb.inf_243a5a53\aksfridge.sys UnclassifiedMalware@15350223 Success
11/29/2009 12:45:14 AM Detect C:\Windows\System32\DriverStore\FileRepository\aksusb.inf_99e7d9da\aksfridge.sys UnclassifiedMalware@15350223 Success
End of The Report

My question is do I need to delete these?

Charlie
Qubie
Regular Member
 
Posts: 15
Joined: October 28th, 2009, 9:26 am

Re: Help please

Unread postby gringo_pr » November 30th, 2009, 12:40 am

Hello Qubie

All the findings from Comodo are false positives, so please tell Comodo to ignore those.

Also, I would like to know if you are behind a router.

First thing I would like you to do is to delete DDS, GMER and ComboFix from the computer; they have been updated recently to better find some new nasties.

After you have deleted all of those programs, please do the following:

Download DDS by sUBs from one of the links below and save it to your desktop:


Link1
Link2
Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

GMER:

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO, then use the following settings for a more complete scan:
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

:information and logs:

    In your next post I need the following

      1. logs from DDS
      2. log from GMER
      3. let me know if you are behind a router

Gringo
gringo_pr
Site Moderator
 
Posts: 1816
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Help please

Unread postby NonSuch » December 3rd, 2009, 1:49 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California