
Solved google redirects to other search engines 2

Discussion in 'Malware and Virus Removal Archive' started by joemamma, 2010/06/05.

  1. 2010/06/05
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    OK, should I still have my antivirus and antispyware deactivated when I run TDSSKiller?
     
  2. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It doesn't matter, but you can leave them off, because in the next step we'll attempt to run Combofix again, but in a little bit different way.
     


  4. 2010/06/05
    joemamma Inactive Thread Starter
    Here is the log for TDSSKiller:

    22:28:20:031 3736 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    22:28:20:031 3736 ================================================================================
    22:28:20:031 3736 SystemInfo:

    22:28:20:031 3736 OS Version: 6.0.6001 ServicePack: 1.0
    22:28:20:031 3736 Product type: Workstation
    22:28:20:031 3736 ComputerName: PRABHJIT-PC
    22:28:20:047 3736 UserName: Prabhjit
    22:28:20:047 3736 Windows directory: C:\Windows
    22:28:20:047 3736 Processor architecture: Intel x86
    22:28:20:047 3736 Number of processors: 2
    22:28:20:047 3736 Page size: 0x1000
    22:28:20:047 3736 Boot type: Normal boot
    22:28:20:047 3736 ================================================================================
    22:28:20:655 3736 Initialize success
    22:28:20:655 3736
    22:28:20:655 3736 Scanning Services ...
    22:28:21:341 3736 Raw services enum returned 430 services
    22:28:21:341 3736
    22:28:21:341 3736 Scanning Drivers ...
    22:28:45:896 3736
    22:28:45:896 3736 Completed
    22:28:45:896 3736
    22:28:45:911 3736 Results:
    22:28:45:911 3736 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    22:28:45:911 3736 File objects infected / cured / cured on reboot: 0 / 0 / 0
    22:28:45:911 3736
    22:28:45:911 3736 KLMD(ARK) unloaded successfully
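As an added example (not code from the thread or from the TDSSKiller tool itself), a small Python parser for the TDSSKiller log format posted above: it pulls out each driver entry, lists the drivers loaded from outside the Windows directory (the third-party ones an analyst reviews first), groups service names that share one on-disk image, and refuses to call the scan clean unless the Results block is present with zero infected objects. The sample log is constructed from a few lines of the post.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines from the TDSSKiller 2.3.2.0 log
# posted in the thread, not the whole dump.
SAMPLE_LOG = r"""22:28:20:031 3736 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
22:28:20:047 3736 Windows directory: C:\Windows
22:28:21:341 3736 Scanning Drivers ...
22:28:21:981 3736 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
22:28:26:770 3736 F-Secure Filter (d4980588ed87f8bb16be43ddd0fbd5fe) C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys
22:28:41:325 3736 Tcpip (1acbb7a47e78f4cc82d2effb72901528) C:\Windows\system32\drivers\tcpip.sys
22:28:41:590 3736 Tcpip6 (1acbb7a47e78f4cc82d2effb72901528) C:\Windows\system32\DRIVERS\tcpip.sys
22:28:43:353 3736 UnlockerDriver5 (b2af2ba8a3205a8458b61f638fb431dd) C:\Program Files\Unlocker\UnlockerDriver5.sys
22:28:45:896 3736 Completed
22:28:45:911 3736 Results:
22:28:45:911 3736 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:28:45:911 3736 File objects infected / cured / cured on reboot: 0 / 0 / 0
22:28:45:911 3736 KLMD(ARK) unloaded successfully
"""

# Every line: HH:MM:SS:mmm <pid> <message>
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3})\s+(\d+)\s*(.*)$")
# Driver entry: <service name> (<md5>) <image path>; the name may contain spaces
DRIVER_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# Summary counters printed under "Results:"
RESULT_RE = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$"
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Report:
    windows_dir: str = ""
    drivers: List[Driver] = field(default_factory=list)
    # "registry" / "file" -> (infected, cured, cured on reboot)
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)


def parse_tdsskiller_log(text: str) -> Report:
    """Parse the log into a Report; lines that are not driver entries, the
    Windows directory line or a Results counter are ignored."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg.startswith("Windows directory:"):
            rep.windows_dir = msg.split(":", 1)[1].strip()
            continue
        d = DRIVER_RE.match(msg)
        if d:
            rep.drivers.append(Driver(d.group(1), d.group(2).lower(), d.group(3)))
            continue
        r = RESULT_RE.match(msg)
        if r:
            infected, cured, on_reboot = (int(x) for x in r.group(2, 3, 4))
            rep.results[r.group(1).lower()] = (infected, cured, on_reboot)
    return rep


def third_party_drivers(rep: Report) -> List[Driver]:
    """Drivers whose image is not under the Windows directory (case-insensitive)."""
    prefix = rep.windows_dir.lower().rstrip("\\") + "\\"
    return [d for d in rep.drivers if not d.path.lower().startswith(prefix)]


def shared_images(rep: Report) -> Dict[str, List[str]]:
    """Service names that resolve to the same image hash. Tcpip/Tcpip6 sharing
    tcpip.sys is normal; two different paths with one hash deserve a closer look."""
    by_hash: Dict[str, List[str]] = {}
    for d in rep.drivers:
        by_hash.setdefault(d.md5, []).append(d.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def is_clean(rep: Report) -> bool:
    """True only when both Results counters are present and report 0 infected.
    A missing Results block means the scan did not complete; never treat that as clean."""
    if set(rep.results) != {"registry", "file"}:
        return False
    return all(counts[0] == 0 for counts in rep.results.values())


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(report.drivers)} drivers, clean={is_clean(report)}")
    for drv in third_party_drivers(report):
        print(f"outside {report.windows_dir}: {drv.name} -> {drv.path}")
    for h, names in shared_images(report).items():
        print(f"shared image {h}: {', '.join(names)}")
```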
     
  5. 2010/06/05
    broni Moderator Malware Analyst
    Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.com BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


      * Double-click on the Rkill desktop icon to run the tool.
      * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
      * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
      * If not, delete the file, then download and use the one provided in Link 2.
      * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
      * Do not reboot until instructed.
      * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, try to immediately run broni.com.

    If the above still doesn't work, try to run both programs (rKill + broni.com) from Safe Mode.

    If we still struggle, in the next step we'll access your hard drive from an external source.
     
  6. 2010/06/05
    broni Moderator Malware Analyst
    Just in case...
    I don't know if you're having the same issue, but I've been having problems accessing WindowsBBS over the last few minutes.
    I have to reload the page several times in order for it to load.
     
  7. 2010/06/05
    joemamma Inactive Thread Starter
    Here is the ComboFix log:

    ComboFix 10-06-05.01 - Prabhjit 06/05/2010 23:03:14.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1850 [GMT -5:00]
    Running from: c:\users\Prabhjit\Desktop\broni.com
    FW: Shaw Secure 2.0 7.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\div888F.tmp
    C:\div9388.tmp
    2010-05-08 05:40 . 2009-05-08 12:39 87224 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-05-06 05:53 . 2008-11-02 22:31 87224 ----a-w- c:\users\Prabhjit\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-05-02 19:16 . 2008-11-02 22:21 -------- d-----w- c:\programdata\Microsoft Help
    2010-03-31 17:28 . 2009-01-23 18:39 2090 ----a-w- c:\users\Prabhjit\AppData\Roaming\wklnhst.dat
    2010-03-30 06:02 . 2010-03-30 06:02 0 ----a-w- c:\windows\nsreg.dat
    2010-03-17 16:16 . 2008-11-03 02:25 35792 ----a-w- c:\windows\system32\drivers\fses.sys
    2010-03-10 06:15 . 2010-03-10 06:15 10134 ----a-r- c:\users\Prabhjit\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
    2008-11-03 00:54 . 2008-11-03 00:54 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2008-08-05 10:37 . 2008-08-05 10:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-16 417792]

    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2008-09-23 22:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-02-16 00:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Registry Repair Wizard Scheduler"="c:\program files\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe"
    "QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    "hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
    "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2945392943-2531225668-2341114136-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2945392943-2531225668-2341114136-501]
    "EnableNotificationsRef"=dword:00000001

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-11 717296]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 133104]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [2010-05-18 55992]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-02-14 33920]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [2009-08-05 68064]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2010-03-17 35792]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-08-05 71040]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2009-08-05 12384]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2010-05-06 113856]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
    S4 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD23
    *Deregistered* - klmd23
    *Deregistered* - Partizan
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 10:14]

    2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 10:14]

    2010-05-16 c:\windows\Tasks\HPCeeScheduleForPrabhjit.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-05 22:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\Shaw Secure\FSPS\program\FSLSP.DLL
    FF - ProfilePath - c:\users\Prabhjit\AppData\Roaming\Mozilla\Firefox\Profiles\c64iuw1h.default\
    FF - component: c:\program files\Shaw Secure\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
    FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-05 23:09
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2945392943-2531225668-2341114136-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E4EC8F3-3D55-AB64-7CDD-8A9138A74C9B}*]
    "iaaaicjkliededhigk"=hex:6a,61,65,6a,70,66,6f,66,69,64,64,66,70,69,6e,61,61,70,64,69,00,00
    "haoaoaficajcdpfm"=hex:6a,61,65,6a,64,67,63,64,65,70,62,6e,70,65,67,62,6d,65,68,6e,00,00
    "habfkakiagfmoccf"=hex:66,61,66,6a,6c,64,6f,67,69,70,6b,70,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-06-05 23:12:00
    ComboFix-quarantined-files.txt 2010-06-06 04:11

    Pre-Run: 89,674,268,672 bytes free
    Post-Run: 89,028,153,344 bytes free

    - - End Of File - - 2E6FBC2DE13E3DE4C6CD0F563CC69A5D
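    The ComboFix log above contains two things an analyst reads before writing a script for it: the policy values in "Reg Loading Points" (EnableLUA=0 means UAC prompting is off; DisableMonitoring=1 under Security Center suppresses the antivirus/firewall status alerts, which is why the next post removes it) and the hex-encoded REG_BINARY values under "LOCKED REGISTRY KEYS". The following is an added example, not code from this thread, from ComboFix, or from its author: it parses those regedit-style sections, flags the weakened settings, and decodes the hex bytes to show what text they hold. The sample input is a constructed excerpt in the same format as the log above (keys, value names and bytes are copied from it, the rest is trimmed); the function names are my own.

```python
import re

# Constructed excerpt in the format of the ComboFix log above (registry sections only).
# Keys, value names and hex data are copied from that log; everything else is trimmed.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_USERS\S-1-5-21-2945392943-2531225668-2341114136-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E4EC8F3-3D55-AB64-7CDD-8A9138A74C9B}*]
"iaaaicjkliededhigk"=hex:6a,61,65,6a,70,66,6f,66,69,64,64,66,70,69,6e,61,61,70,
64,69,00,00
"habfkakiagfmoccf"=hex:66,61,66,6a,6c,64,6f,67,69,70,6b,70,00,00
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')


def parse_registry_section(text):
    """Return (key, value_name, data) triples from a regedit-style log section.

    ComboFix wraps long hex: values across lines; a continuation line is
    appended to the data of the value that precedes it.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append([key, m.group('name'), m.group('data')])
        elif entries and entries[-1][2].startswith('hex:'):
            entries[-1][2] += line  # wrapped REG_BINARY continuation
    return [tuple(e) for e in entries]


def dword_value(data):
    """Parse the two DWORD spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r'^dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x', data)
    if m:
        return int(m.group(1))
    return None


def decode_hex_value(data):
    """Turn 'hex:6a,61,...' into a printable string (NUL padding stripped), else None."""
    if not data.startswith('hex:'):
        return None
    raw = bytes(int(p, 16) for p in data[4:].split(',') if p)
    text = raw.rstrip(b'\x00').decode('latin-1')
    return text if text.isprintable() else None


def weak_settings(entries):
    """Flag values that weaken the host's own defences."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        if k.endswith(r'\policies\system') and name == 'EnableLUA' and dword_value(data) == 0:
            findings.append(f'UAC disabled (EnableLUA=0) under {key}')
        if r'\security center\monitoring' in k and name == 'DisableMonitoring' and dword_value(data) == 1:
            findings.append(f'Security Center status monitoring suppressed under {key}')
    return findings


def decoded_binary_values(entries):
    """Map value name -> decoded text for every hex: value in the section."""
    out = {}
    for _key, name, data in entries:
        text = decode_hex_value(data)
        if text is not None:
            out[name] = text
    return out


if __name__ == '__main__':
    parsed = parse_registry_section(SAMPLE_LOG)
    for finding in weak_settings(parsed):
        print('[!]', finding)
    for name, text in decoded_binary_values(parsed).items():
        print(f'{name} -> {text!r}')
```

    Run as-is it reports the disabled UAC policy and the two suppressed Security Center monitors, then prints the decoded contents of the locked-key values; the decoded strings are as random-looking as the value names, which is the kind of detail an analyst notes when deciding whether a key deserves the RegNull:: treatment broni applies in the next post.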
     
  8. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    C:\comment.htt
    c:\windows\winstart.bat
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    
    RegNull::
    [HKEY_USERS\S-1-5-21-2945392943-2531225668-2341114136-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E4EC8F3-3D55-AB64-7CDD-8A9138A74C9B}*]
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  9. 2010/06/05
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    hey broni i just want to thank you for your help so far.
    i will do this tomorrow since it is close to midnight over here, so in about 10 hours.

    thanks again
     
  10. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not a problem :)
    We're making good progress...
     
  11. 2010/06/06
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    hey i just ran combofix again and it seems to be taking a long time at the part where it says
    'preparing log report'
     
  12. 2010/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Be patient.
     
  13. 2010/06/06
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    hey it's been over 4 hours, should i still wait or just redo it again?
     
  14. 2010/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No, stop the process.

    Please download OTM

    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [-HKEY_USERS\S-1-5-21-2945392943-2531225668-2341114136-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E4EC8F3-3D55-AB64-7CDD-8A9138A74C9B}]
    
    :Files
    C:\comment.htt
    c:\windows\winstart.bat
          
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
    
    • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
     
  15. 2010/06/06
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    i was also wondering, i still have my guest account on, should i turn it off?
     
  16. 2010/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure what you're saying.
    What guest account?
     
  17. 2010/06/06
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    i have 2 accounts on vista, i.e. when i am at the starting windows, i choose which profile i want to log in to, either mine or guest
     
  18. 2010/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nah, don't worry about the guest account.
     
  19. 2010/06/06
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    here is the otm log

    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\\DisableMonitoring not found.
    Registry key HKEY_USERS\S-1-5-21-2945392943-2531225668-2341114136-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3E4EC8F3-3D55-AB64-7CDD-8A9138A74C9B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4EC8F3-3D55-AB64-7CDD-8A9138A74C9B}\ not found.
    ========== FILES ==========
    C:\comment.htt folder moved successfully.
    File/Folder c:\windows\winstart.bat not found.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: extra
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 111692 bytes
    ->Flash cache emptied: 934 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32969 bytes
    ->Java cache emptied: 70302957 bytes
    ->FireFox cache emptied: 72642504 bytes
    ->Flash cache emptied: 15805 bytes

    User: Prabhjit
    ->Temp folder emptied: 945 bytes
    ->Temporary Internet Files folder emptied: 1892736 bytes
    ->Java cache emptied: 1470990 bytes
    ->FireFox cache emptied: 78862384 bytes
    ->Flash cache emptied: 28029 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 7749 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 24100 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78991 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 334 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 215.00 mb


    OTM by OldTimer - Version 3.1.12.2 log created on 06062010_172646

    Files moved on Reboot...
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJ3R7VDW\ads[4].htm moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJ3R7VDW\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IS7M6CG\ads[1].htm moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IS7M6CG\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B9ADV76\113ce987-2b1b-469e-b639-39b1d3dac068_3rd_party_BBS[1].htm moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B9ADV76\93382-active-google-redirects-other-search-engines-2-a-3[1].htm moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6B9ADV76\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Prabhjit\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2010/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Delete your GMER file, download a new one and post a fresh log.
     
  21. 2010/06/06
    joemamma

    joemamma Inactive Thread Starter

    Joined:
    2010/06/05
    Messages:
    34
    Likes Received:
    0
    here is the GMER log 2

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-06-06 18:25:12
    Windows 6.0.6001 Service Pack 1
    Running: gmer.exe; Driver: C:\Users\Prabhjit\AppData\Local\Temp\fgloakog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwCreateThread [0x90526E8C]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwLoadDriver [0x905271BC]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x90526BCC]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwOpenSection [0x905275EE]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwRenameKey [0x9052888C]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x9052743E]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSuspendProcess [0x90526A4C]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSuspendThread [0x90526EC0]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x90527042]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwTerminateProcess [0x905269A6]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwTerminateThread [0x90526B06]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x90526F86]
    SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x90526EA6]

    INT 0x62 ? 86851BF8
    INT 0x72 ? 86851BF8
    INT 0x92 ? 84BE5BF8
    INT 0xA2 ? 84BE5BF8
    INT 0xB2 ? 84BE5BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetTimerEx + 454 81F06A18 4 Bytes [8C, 6E, 52, 90] {MOV WORD [ESI+0x52], GS; NOP }
    .text ntkrnlpa.exe!KeSetTimerEx + 5B0 81F06B74 4 Bytes [BC, 71, 52, 90]
    .text ntkrnlpa.exe!KeSetTimerEx + 5E0 81F06BA4 4 Bytes [CC, 6B, 52, 90]
    .text ntkrnlpa.exe!KeSetTimerEx + 630 81F06BF4 4 Bytes [EE, 75, 52, 90] {OUT DX, AL ; JNZ 0x55; NOP }
    .text ntkrnlpa.exe!KeSetTimerEx + 748 81F06D0C 4 Bytes [8C, 88, 52, 90]
    .text ...
    ? System32\Drivers\spqr.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8E63446F 5 Bytes JMP 868511D8
    .text aj87w7w0.SYS 8F999000 22 Bytes [26, 22, E2, 81, 10, 21, E2, ...]
    .text aj87w7w0.SYS 8F999017 78 Bytes [00, 32, 07, 71, 80, 3D, 05, ...]
    .text aj87w7w0.SYS 8F999066 66 Bytes JMP EA1C3081
    .text aj87w7w0.SYS 8F9990A9 35 Bytes JMP EA07A081
    .text aj87w7w0.SYS 8F9990CE 10 Bytes [00, 00, 00, 00, 00, 00, 66, ...]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] kernel32.dll!LoadLibraryExW 764430C3 5 Bytes JMP 0373000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!DialogBoxIndirectParamW 7637BD25 5 Bytes JMP 6F67076D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!DialogBoxParamW 76391FD5 5 Bytes JMP 6F6706F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!DialogBoxParamA 763B80B2 5 Bytes JMP 6F670732 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!DialogBoxIndirectParamA 763B83DD 5 Bytes JMP 6F6707A8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!MessageBoxIndirectA 763CD471 5 Bytes JMP 6F6706B3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!MessageBoxIndirectW 763CD56B 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!MessageBoxIndirectW 763CD56B 5 Bytes JMP 6F67066F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!MessageBoxExA 763CD5D1 5 Bytes JMP 6F670635 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] USER32.dll!MessageBoxExW 763CD5F5 5 Bytes JMP 6F6705FB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2352] ole32.dll!OleLoadFromStream 76169726 5 Bytes JMP 6F67096A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806076D2] \SystemRoot\System32\Drivers\spqr.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80607040] \SystemRoot\System32\Drivers\spqr.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806077FC] \SystemRoot\System32\Drivers\spqr.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806070BE] \SystemRoot\System32\Drivers\spqr.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060713C] \SystemRoot\System32\Drivers\spqr.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80617048] \SystemRoot\System32\Drivers\spqr.sys
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortNotification] 24488B66
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortWritePortUchar] E84D8966
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortWritePortUlong] 83E84D8B
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 896602C1
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 488BEA4D
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortGetScatterGatherList] 8DC80320
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortReadPortUchar] 57500845
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortStallExecution] F0458D57
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortGetParentBusType] 00006850
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortRequestCallback] 458DB002
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 35FF50E8
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [8F9BEFBC] \SystemRoot\System32\Drivers\aj87w7w0.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortCompleteRequest] 57EC4D89
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortMoveMemory] 01F045C7
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] E8000000
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0001E4E4
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 4675C73B
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortReadPortUshort] 9BEFC8A1
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 8D526A8F
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortInitialize] 00009A88
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortGetDeviceBase] 48C08300
    IAT \SystemRoot\System32\Drivers\aj87w7w0.SYS[ataport.SYS!AtaPortDeviceStateChange] 8D076A50

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 855891F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 855651F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{0E9A2169-0ADF-42C3-98E4-49DA56F3119B} 8782D500
    Device \Driver\usbohci \Device\USBPDO-0 866C61F8
    Device \Driver\usbehci \Device\USBPDO-1 866C41F8
    Device \Driver\sptd \Device\3223138272 spqr.sys
    Device \Driver\usbohci \Device\USBPDO-2 866C61F8
    Device \Driver\usbehci \Device\USBPDO-3 866C41F8
    Device \Driver\volmgr \Device\HarddiskVolume1 855651F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{925277CE-3B31-41A0-AF18-A9E525185964} 8782D500
    Device \Driver\volmgr \Device\HarddiskVolume2 855651F8
    Device \Driver\cdrom \Device\CdRom0 8660C1F8
    Device \Driver\volmgr \Device\HarddiskVolume3 855651F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 855681F8
    Device \Driver\atapi \Device\Ide\IdePort0 855681F8
    Device \Driver\atapi \Device\Ide\IdePort1 855681F8
    Device \Driver\atapi \Device\Ide\IdePort2 855681F8
    Device \Driver\atapi \Device\Ide\IdePort3 855681F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 855681F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 8782D500
    Device \Driver\Smb \Device\NetbiosSmb 878291F8
    Device \Driver\iScsiPrt \Device\RaidPort0 867241F8
    Device \Driver\usbohci \Device\USBFDO-0 866C61F8
    Device \Driver\PCI_PNP4263 \Device\0000007a spqr.sys
    Device \Driver\usbehci \Device\USBFDO-1 866C41F8
    Device \Driver\usbohci \Device\USBFDO-2 866C61F8
    Device \Driver\usbehci \Device\USBFDO-3 866C41F8
    Device \Driver\aj87w7w0 \Device\Scsi\aj87w7w01 8673E1F8
    Device \FileSystem\cdfs \Cdfs 87F7C1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA8 0x45 0x13 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x8F 0xEC 0xA8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0xAA 0xB9 0xDF ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA8 0x45 0x13 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x8F 0xEC 0xA8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x3D 0xAA 0xB9 0xDF ...

    ---- EOF - GMER 1.0.15 ----
     
