Google Redirecting Malware

Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:24 am

*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2008/10/25 09:27:54 | 000,044,408 | ---- | M | MD5 = 40F9FC39CCF5445F3075083380BD5421] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM] -> C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> [2008/03/06 17:37:36 | 000,106,496 | ---- | M | MD5 = B66F539109299F530E534BF182232343] (Belarc, Inc.)
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2009/02/12 15:19:38 | 000,178,040 | ---- | M | MD5 = 68747446F9D982938DB6B110F2908271] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 13:45:02 | 000,873,216 | ---- | M | MD5 = 9E7370CC3D6A43942433F85D0E2BBDD8] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Program Files\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2009/10/09 13:11:14 | 001,959,208 | R--- | M | MD5 = 1E79B48BC50B99FDC0066860BCEFBC23] (Skype Technologies)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{1a3e09be-1e45-494b-9174-d7385b45bbf5} -> Reg Error: Value error.
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
hitmanpro35 -> Reg Error: Value error.
hitmanpro35.sys -> Reg Error: Value error.
HitmanPro35Crusader -> Reg Error: Value error.
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\"FirstRunDisabled" -> [1] -> File not found
\"UpdatesDisableNotify" -> [0] -> File not found
\"AntiVirusOverride" -> [0] -> File not found
\"FirewallOverride" -> [0] -> File not found
\"AntiVirusDisableNotify" -> [0] -> File not found
\"FirewallDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\"EnableFirewall" -> [1] -> File not found
\"DoNotAllowExceptions" -> [0] -> File not found
\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> C:\Program Files\Bonjour\mdnsNSP.dll -> [2010/05/18 16:35:14 | 000,152,864 | ---- | M | MD5 = E19A4040E79BE0AACA971117378F7F2B] (Apple Inc.)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam
{0A65A3BD-54B5-4d0d-B084-7688507813F5} -> SlideShow
{0B33B738-AD79-4E32-90C5-E67BFB10BBFF} -> AiO_Scan
{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6} -> TrayApp
{0CB9668D-F979-4F31-B8B8-67FE90F929F8} -> Bonjour
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0
{1341D838-719C-4A05-B50F-49420CA1B4BB} -> HP Boot Optimizer
{15C0AF59-4877-49B6-B8C6-A61CE54515F5} -> cp_OnlineProjectsConfig
{1DCC7418-2089-4BDD-B321-3771956160FC} -> ijji Auto Installer
{1E1F1E70-14D8-4380-8652-BD1A895A7D65} -> Status
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{21199F32-B676-4FE2-A443-EF7DB6B8FD4F} -> Opera 10.10
{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Customer Experience Enhancement
{2376813B-2E5A-4641-B7B3-A0D5ADB55229} -> HPPhotoSmartExpress
{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java(TM) 6 Update 20
{2818095F-FB6C-42C8-827E-0A406CC9AFF5} -> Quicken 2006
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} -> HP Deskjet Printer Preload
{2E660A2A-A55F-43CD-9F73-CAD7382EEB78} -> Microsoft Games for Windows - LIVE Redistributable
{2F58D60D-2BFD-4467-9B4D-64E7355C329D} -> Sonic_PrimoSDK
{31263605-FC84-4787-B847-BA445B147E24} -> ScannerCopy
{3248F0A8-6813-11D6-A77B-00B0D0150050} -> J2SE Runtime Environment 5.0 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{33BF0960-DBA3-4187-B6CC-C969FCFA2D25} -> SkinsHP1
{33D6CC28-9F75-4d1b-A11D-98895B3A3729} -> HP Photosmart 330,380,420,470,7800,8000,8200 Series
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{352F5013-07DC-446D-8DB6-38F339086C60} -> LightScribe 1.4.84.1
{36D620AD-EEBA-4973-BA86-0C9AE6396620} -> OptionalContentQFolder
{3CF99DC3-38FD-46E6-A6B4-9C70074E020C} -> DocumentViewer
{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works
{41E776A5-9B12-416D-9A12-B4F7B044EBED} -> CP_Package_Basic1
{45B8A76B-57EC-4242-B019-066400CD8428} -> BufferChm
{45D707E9-F3C4-11D9-A373-0050BAE317E1} -> HP DVD Play 2.1
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1} -> SolutionCenter
{51F96AEC-D902-4434-A0DC-B9692A21AE7C} -> MobileMe Control Panel
{54E3707F-808E-4fd4-95C9-15D1AB077E5D} -> NewCopy
{5B79CFD1-6845-4158-9D7D-6BE89DF2C135} -> HP PSC & OfficeJet 5.3.B
{5D61626A-BD55-4e42-82EE-4AE89D8FD050} -> HP Photosmart Cameras 6.0
{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99} -> muvee autoProducer unPlugged 2.0
{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C} -> RandMap
{66A9D30D-1464-4C7F-B2F3-507DADAF2595} -> Microsoft IntelliPoint 6.3
{68763C27-235D-4165-A961-FDEA228CE504} -> AiOSoftwareNPI
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin
{6A118C80-B382-41c0-8907-CDD0BF5EFE6E} -> CameraDrivers
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{729DF902-05F9-4C00-9E6D-411119824E5F} -> hpiCamDrvQFolder
{736C803C-DD3B-4015-BC51-AFB9E67B9076} -> Readme
{755EC5E3-FD51-46bd-A57F-7A2D56FBF061} -> PSTAPlugin
{769A295C-DCF4-41d6-AFBA-7D9394B23AFE} -> PSPrinters08
{7850A6D2-CBEA-4728-9877-F1BEDEA9F619} -> AiOSoftware
{789289CA-F73A-4A16-A331-54D498CE069F} -> Ventrilo Client
{8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Easy Internet Sign-up
{82081779-4175-4666-A457-AB711CD37EF0} -> cp_LightScribeConfig
{829DAAD6-BB11-4BB7-921B-07FFB703F944} -> CP_Package_Variety3
{82E55892-6FFD-403F-AA97-D726846768AA} -> CP_AtenaShokunin1Config
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{83AA9001-96CC-4D5A-A146-1EF64AE62B8A} -> Timeline Maker Student
{85991ED2-010C-4930-96FA-52F43C2CE98A} -> Apple Mobile Device Support
{866A0078-DEA7-4348-9C9A-999AF2991EAA} -> SlideShowMusic
{868EC22E-7E82-4760-9265-3F2E705BF24B} -> League of Legends
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A534F71-3202-4464-A422-B767295E67B9} -> CP_Package_Variety2
{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05} -> Unload
{8DC069E7-893C-41E1-9442-DE89FEC33371} -> Xobni Core
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{92606477-9366-4D3B-8AE3-6BE4B29727AB} -> League of Legends
{93E5A317-24EC-4744-812C-16FECFE86E6A} -> CP_Package_Variety1
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{95C5F81D-0779-4932-BE83-32AAF814F4B9} -> League of Legends
{974C4B12-4D02-4879-85E0-61C95CC63E9E} -> Fallout 3
{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E} -> Visual C++ 8.0 ATL (x86) WinSXS MSM
{980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E} -> Visual C++ 8.0 CRT (x86) WinSXS MSM
{9A3EABC0-CA06-11D4-BF77-00104B130C19} -> EPSON TWAIN 5
{A29800BA-0BF1-4E63-9F31-DF05A87F4104} -> InstantShareDevices
{A2BCA9F1-566C-4805-97D1-7FDC93386723} -> Adobe AIR
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A3455242-DAE0-4523-8242-FD82706ABF4B} -> CameraDrivers
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
{AC76BA86-7AD7-1033-7B44-A71000000002} -> Adobe Reader 7.1.0
{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF} -> Magic Online III
{B2157760-AA3C-4E2E-BFE6-D20BC52495D9} -> cp_PosterPrintConfig
{B2D328BE-45AD-4D92-96F9-2151490A203E} -> Apple Application Support
{B6286A44-7505-471A-A72B-04EC2DB2F442} -> CueTour
{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3} -> CP_Panorama1Config
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD} -> CameraUserGuides
{BA4DF4C3-196E-4128-969A-00996B5A46F8} -> Canon MP500
{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} -> HP Software Update
{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411} -> DocProc
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C1C6767D-B395-43CB-BF99-051B58B86DA6} -> PhotoGallery
{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216} -> iTunes
{C3FAA091-B278-44A7-BF48-190811C5F9F7} -> cp_UpdateProjectsConfig
{C6812939-B117-48E6-A3BA-1709C14A3C8C} -> Scan
{C8753E28-2680-49BF-BD48-DD38FD086EFE} -> AiO_Scan_CDA
{C98E8D9D-21DE-4F87-A9B7-142BB89840FC} -> Toolbox
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC} -> Fax
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1
{DAAD5187-62C5-4AD6-A526-803C18C4944D} -> HP Web Helper
{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38} -> HpSdpAppCoreApp
{DEA314C4-0929-4250-BC92-98E4C105F28D} -> NVIDIA PhysX
{DEBB2986-15B0-4D28-95FA-5C966A396589} -> HPProductAssistant
{E5A1DE9A-A21C-43A1-B06D-5146BAF62033} -> PanoStandAlone
{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D} -> HP PSC & OfficeJet 6.1.A
{EC2715CE-C182-483C-84CC-81D7D914CF14} -> WebReg
{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F} -> CP_CalendarTemplates1
{F112F66E-25CA-42DD-983C-6118EB38F606} -> Microsoft Games for Windows - LIVE
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F6076EF9-08E1-442F-B6A2-BFB61B295A14} -> Fax_CDA
{F80239D8-7811-4D5E-B033-0D0BBFE32920} -> HP DigitalMedia Archive
{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623} -> ooVoo
{FB15E224-67C3-491F-9F5C-F257BC418412} -> Destinations
{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F} -> NewCopy_CDA
{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC} -> Panda Cloud Antivirus
7-Zip -> 7-Zip 4.65

crucifix676
Novice
Posts : 49
Joined : 2010-06-22
OS : Windows XP

Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:27 am

8461-7759-5462-8226 -> Vuze
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Advanced SystemCare 3_is1 -> Advanced SystemCare 3
Ask Toolbar_is1 -> Vuze Toolbar
Audacity 1.3 Beta (Unicode)_is1 -> Audacity 1.3.9 (Unicode)
AwayMode160 -> Microsoft Away Mode
B3EE3001-DC24-4cd1-8743-5692C716659F -> Otto
Belarc Advisor -> Belarc Advisor 7.2
CCleaner -> CCleaner
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 -> Data Fax SoftModem with SmartCP
DFO -> DFOLauncher
DISCover -> DISCover
ENTERPRISE -> Microsoft Office Enterprise 2007
EPSON Printer and Utilities -> EPSON Printer Software
FrostWire -> FrostWire 4.18.4
Game Booster_is1 -> Game Booster
Guild Wars -> Guild Wars
Guitar Pro 5_is1 -> Guitar Pro 5.2
HP Document Viewer -> HP Document Viewer 6.1
HP Game Console -> HP Game Console
HP Imaging Device Functions -> HP Imaging Device Functions 7.0
HP Photo & Imaging -> HP Photosmart Premier Software 6.5
HP Photosmart for Media Center PC -> HP Photosmart for Media Center PC
HP Rhapsody -> HP Rhapsody
HP Solution Center & Imaging Support Tools -> HP Solution Center and Imaging Support Tools 6.1
HPOOVClient-9972322 Uninstaller -> Updates from HP (remove only)
InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Customer Experience Enhancement
LAME for Audacity_is1 -> LAME v3.98.2 for Audacity
LiveUpdate -> LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Money2006b -> Microsoft Money 2006
Mozilla Firefox (3.6.8) -> Mozilla Firefox (3.6.8)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Netscape Browser -> Netscape Browser (remove only)
NVIDIA Drivers -> NVIDIA Drivers
NVIDIA nView Desktop Manager -> NVIDIA nView Desktop Manager
Panda Cloud Antivirus -> Panda Cloud Antivirus
Panda Identity Protect -> Panda Identity Protect 3.0.44
pandasecuritytb -> Panda Security Toolbar
PC-Doctor 5 for Windows -> PC-Doctor 5 for Windows
PopCap Browser Plugin -> PopCap Browser Plugin
Python 2.2.3 -> Python 2.2.3
pywin32-py2.2 -> Python 2.2 pywin32 extensions (build 203)
RealPlayer 6.0 -> RealPlayer
Smart Defrag_is1 -> Smart Defrag
Steam App 440 -> Team Fortress 2
SystemRequirementsLab -> System Requirements Lab
TuneUpMedia -> TuneUp Companion 1.7.1
UnityWebPlayer -> Unity Web Player
Wdf01005 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
WildTangent CDA -> WildTangent Web Driver
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Xfire -> Xfire (remove only)
XobniMain -> Xobni
ZHTIELangPack -> Chinese (Traditional) Language Support
< Uninstall List [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
FrozenGlade Installer -> FrozenGlade Installer
Google Chrome -> Google Chrome

Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:29 am

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/26/2010 6:36:23 PM Computer Name = ERIC | Source = Application Error | ID = 1000 -> Description = Faulting application tuneupupdater.exe, version 1.7.0.858, faulting module tuneupupdater.exe, version 1.7.0.858, fault address 0x0030744c.

-----Will need to give you the rest of the log later-----


Re: Google Redirecting Malware

Post by Dr Jay on Wed Jul 28, 2010 9:14 pm

ok


Dr. Jay (DJ)

Dr Jay
Head Administrator
Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Google Redirecting Malware

Post by crucifix676 on Tue Aug 03, 2010 5:23 am

The forum is giving me trouble, so please follow the link here to see the full log.

[You must be registered and logged in to see this link.]

Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 04, 2010 3:28 am

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe
YY -> (9258704E) 9258704E [On_Demand | Stopped] -> C:\WINDOWS\System3258704E.exe
YY -> (441CC720) 441CC720 [On_Demand | Stopped] -> C:\WINDOWS\System321CC720.exe
YY -> (3D1AB9A9) 3D1AB9A9 [On_Demand | Stopped] -> C:\WINDOWS\System32D1AB9A9.exe
[Registry - Safe List]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> trymedia.com .[http] -> Trusted sites
YN -> trymedia.com .[https] -> Trusted sites
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found.
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.


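Added example, not Dr Jay's instructions or OTS code: a Python triage script that reads lines in the OTS format used in the fix above and flags the two indicators the fix targets, services whose key name, display name and System32 binary are the same 8-character hex string, and a ZoneMap Trusted sites list that is bulk-populated or has individual domains added. The sample excerpt, the 50-domain threshold and all function names are constructed for this example.

```python
"""Triage helper for OTS/OTL-style log lines (added example, not the tool's code).

Two indicators taken from the fix posted in this thread:
  1. a service whose key name, display name and System32 binary are all the
     same 8-character hex string (the four services removed by the fix), and
  2. an IE ZoneMap "Trusted sites" list that is bulk-populated (thousands of
     domains) or has individual third-party domains added to it.
"""
import re
from typing import Dict, List

# OTS service line: "YY -> (KeyName) DisplayName [StartType | State] -> path"
SERVICE_RE = re.compile(
    r"^Y[YN] -> \((?P<key>[^)]+)\) (?P<name>.+?) "
    r"\[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -> (?P<path>.+)$"
)
# Per-domain ZoneMap entry: "YN -> trymedia.com .[http] -> Trusted sites"
TRUSTED_DOMAIN_RE = re.compile(
    r"^Y[YN] -> (?P<domain>\S+) \.\[(?P<scheme>https?)\] -> Trusted sites$"
)
# Summary OTS prints for a bulk-filled key: "... ZoneMap\Domains\ -> [Key] 4822 domain(s) found."
DOMAIN_COUNT_RE = re.compile(
    r"ZoneMap\\Domains\\ -> \[Key\] (?P<count>\d+) domain\(s\) found\.$"
)
HEX8_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Assumed cutoff: a clean XP profile has at most a handful of trusted-zone domains.
BULK_DOMAIN_THRESHOLD = 50


def is_random_named_service(key: str, name: str, path: str) -> bool:
    """True when key == display name == 8 hex chars and the binary is <key>.exe in System32."""
    if key != name or not HEX8_RE.match(key):
        return False
    normalized = path.lower().replace("/", "\\")
    return normalized.endswith("\\system32\\" + key.lower() + ".exe")


def analyze_ots(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line: {"rule", "detail", "line"}."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            if is_random_named_service(svc["key"], svc["name"], svc["path"]):
                findings.append({"rule": "random_named_service",
                                 "detail": svc["key"], "line": line})
            continue
        count = DOMAIN_COUNT_RE.search(line)
        if count:
            if int(count["count"]) >= BULK_DOMAIN_THRESHOLD:
                findings.append({"rule": "bulk_trusted_domains",
                                 "detail": count["count"], "line": line})
            continue
        dom = TRUSTED_DOMAIN_RE.match(line)
        if dom:
            findings.append({"rule": "trusted_site_entry",
                             "detail": dom["domain"] + " [" + dom["scheme"] + "]",
                             "line": line})
    return findings


# Constructed excerpt in the OTS format used by the fix above. The F6E68549 service,
# the trymedia.com lines and the "4822 domain(s) found" line are copied from the
# posted fix; the Spooler, 1A2B3C4D and DEADBEEF lines are made up for contrast.
SAMPLE_LOG = r"""
[Win32 Services - Safe List]
YY -> (F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe
YY -> (1A2B3C4D) 1A2B3C4D [On_Demand | Stopped] -> C:\WINDOWS\System32\1A2B3C4D.exe
YN -> (Spooler) Print Spooler [Auto | Running] -> C:\WINDOWS\system32\spoolsv.exe
YN -> (DEADBEEF) DEADBEEF [Auto | Running] -> C:\Program Files\Vendor\DEADBEEF.exe
[Registry - Safe List]
YN -> trymedia.com .[http] -> Trusted sites
YN -> trymedia.com .[https] -> Trusted sites
YN -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found.
"""

if __name__ == "__main__":
    for finding in analyze_ots(SAMPLE_LOG):
        print(f"{finding['rule']:24} {finding['detail']}")
```

The DEADBEEF line shows the edge the rule is built around: an 8-hex name alone is not enough, the binary also has to sit in System32 under that same name.
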
Re: Google Redirecting Malware

Post by crucifix676 on Wed Aug 04, 2010 5:40 am

All Processes Killed
[Win32 Services - Safe List]
Service F6E68549 stopped successfully!
Service F6E68549 deleted successfully!
File C:\WINDOWS\System32\F6E68549.exe not found.
Service 9258704E stopped successfully!
Service 9258704E deleted successfully!
File C:\WINDOWS\System3258704E.exe not found.
Service 441CC720 stopped successfully!
Service 441CC720 deleted successfully!
File C:\WINDOWS\System321CC720.exe not found.
Service 3D1AB9A9 stopped successfully!
Service 3D1AB9A9 deleted successfully!
File C:\WINDOWS\System32D1AB9A9.exe not found.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\http deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\https deleted successfully.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: asdf
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.ERIC
->Temp folder emptied: 664872 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 18631141 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 149319455 bytes
->Temporary Internet Files folder emptied: 2511976 bytes
->Java cache emptied: 215029 bytes
->FireFox cache emptied: 76696060 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 21280 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 19070408 bytes
->Java cache emptied: 3180 bytes
->Flash cache emptied: 9420 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 46404307 bytes
->Java cache emptied: 1154480 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 25745 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1324 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 194819816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 41212 bytes

Total Files Cleaned = 487.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: asdf

User: Default User
->Flash cache emptied: 0 bytes

User: Eric
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Guest.ERIC
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.34.0 fix logfile created on 08032010_223347

Files\Folders moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\274549445@Bottom3[1].htm moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\417205955@Bottom3[1].htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CAIRSL6R.php not found!
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CAURKBB8.htm not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\ai.realmedia[1].htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\ai.realmedia[2].htm not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\blank[1].htm moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\CA4X2BW9.htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\CAR2RAZG.htm not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\freq[1].htm moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\syncuppixels[1].htm moved successfully.
C:\WINDOWS\temp\VGX10B.tmp moved successfully.

Registry entries deleted on Reboot...

crucifix676
Novice
Posts : 49
Joined : 2010-06-22
OS : Windows XP

Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 04, 2010 5:45 pm

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.] (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Dr Jay
Head Administrator
Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Google Redirecting Malware

Post by crucifix676 on Fri Aug 06, 2010 12:30 am

ComboFix 10-08-05.02 - HP_Administrator 08/05/2010 17:21:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\combo-fix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome.manifest
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome\content\_cfg.js
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome\content\overlay.xul
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\install.rdf
c:\documents and settings\HP_Administrator\Recent\Thumbs.db
c:\hp\bin\cloaker.exe
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\18467.exe
c:\windows\system32\6334.exe
D:\Autorun.inf

c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 00:26 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-08-06 00:26 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-08-06 00:16 . 2010-08-06 00:17 -------- d-----w- C:\32788R22FWJFW
2010-08-05 08:58 . 2010-08-05 23:58 -------- d-----w- C:\combo-fix
2010-08-04 05:32 . 2010-08-04 05:32 -------- d-----w- C:\_OTS
2010-08-03 03:08 . 2010-08-03 03:08 -------- d-----w- c:\program files\AML Products
2010-08-02 07:01 . 2010-08-02 07:01 503808 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\msvcp71.dll
2010-08-02 07:01 . 2010-08-02 07:01 499712 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\jmc.dll
2010-08-02 07:01 . 2010-08-02 07:01 348160 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\msvcr71.dll
2010-08-02 07:01 . 2010-08-02 07:01 12800 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68bf097c-n\decora-d3d.dll
2010-08-02 07:01 . 2010-08-02 07:01 61440 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68bf097c-n\decora-sse.dll
2010-08-02 01:53 . 2010-08-02 01:53 -------- d-----w- c:\documents and settings\Guest.ERIC\Application Data\pandasecuritytb
2010-07-31 05:23 . 2010-07-31 05:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2010-07-30 17:47 . 2010-07-30 17:47 -------- d-----w- C:\found.000
2010-07-29 13:39 . 2010-07-29 13:39 323824 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-07-27 09:20 . 2010-08-04 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SurfSecret Privacy Suite
2010-07-27 09:19 . 2010-08-04 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\pandasecuritytb
2010-07-27 09:19 . 2010-07-27 09:19 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-07-27 09:18 . 2010-07-27 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-07-27 05:56 . 2010-06-03 18:41 387904 ----a-w- c:\documents and settings\HP_Administrator\StubInstaller.exe
2010-07-21 09:44 . 2010-07-21 09:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-16 11:17 . 2010-07-16 11:17 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-07-09 08:56 . 2010-07-21 09:43 -------- d-----w- c:\program files\TuneUpMedia
2010-07-09 08:56 . 2010-08-04 08:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TuneUpMedia
2010-07-09 08:55 . 2010-07-09 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-07-08 09:10 . 2010-07-08 09:10 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-08 09:10 . 2010-07-08 09:10 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 20:00 . 2008-08-27 05:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 18:17 . 2006-06-18 04:13 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 18:10 . 2006-06-18 04:13 -------- d-----w- c:\program files\Java
2010-07-30 22:44 . 2010-06-12 18:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NeopleLauncherDFO
2010-07-30 22:41 . 2010-06-12 18:26 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-07-28 07:23 . 2008-07-27 23:44 -------- d-----w- c:\program files\Steam
2010-07-28 01:44 . 2006-06-18 04:44 97432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:20 . 2009-12-06 22:55 -------- d-----w- c:\program files\Panda Security
2010-07-21 09:51 . 2007-08-13 01:11 -------- d-----w- c:\program files\iTunes
2010-07-21 09:50 . 2007-08-13 01:11 -------- d-----w- c:\program files\iPod
2010-07-21 09:50 . 2007-08-13 01:10 -------- d-----w- c:\program files\Common Files\Apple
2010-07-17 12:00 . 2010-04-24 09:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 04:42 . 2009-10-04 05:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-07-12 04:42 . 2009-10-04 05:25 -------- d-----w- c:\program files\Vuze
2010-07-09 08:30 . 2009-12-06 23:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2010-07-04 21:55 . 2006-06-18 04:44 -------- d-----w- c:\program files\music_now
2010-07-04 21:55 . 2007-10-20 20:03 -------- d-----w- c:\program files\mIRC
2010-07-04 13:32 . 2007-12-09 01:33 -------- d-----w- c:\program files\Cheat Engine
2010-07-04 03:25 . 2010-07-04 03:25 -------- d-----w- c:\program files\Bonjour
2010-06-29 22:20 . 2010-06-22 21:23 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-29 21:52 . 2010-06-23 04:43 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-28 07:57 . 2010-06-28 07:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-23 23:11 . 2010-06-23 20:20 -------- d-----w- c:\program files\7-Zip
2010-06-23 05:07 . 2010-06-23 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-23 04:43 . 2010-06-23 04:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-23 00:58 . 2008-06-18 03:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-22 20:47 . 2010-07-10 07:02 267920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-22 18:27 . 2010-06-21 11:32 -------- d-----w- c:\program files\UnHackMe
2010-06-22 10:00 . 2010-06-22 10:00 -------- d-----w- c:\program files\Loaris
2010-06-22 08:44 . 2010-02-11 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 11:32 . 2010-06-21 11:32 2 --shatr- c:\windows\winstart.bat
2010-06-13 20:23 . 2010-06-12 18:26 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-06-13 20:23 . 2010-06-12 18:26 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-06-13 20:23 . 2010-06-12 18:26 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-06-13 20:23 . 2010-06-12 18:26 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-06-13 20:23 . 2009-10-09 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-13 20:16 . 2010-06-12 18:26 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-06-12 19:33 . 2007-06-22 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-12 18:26 . 2010-06-12 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-05-28 01:39 . 2010-05-28 01:39 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-05-25 05:50 . 2010-05-25 05:50 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\msvcp71.dll
2010-05-25 05:50 . 2010-05-25 05:50 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\jmc.dll
2010-05-25 05:50 . 2010-05-25 05:50 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\msvcr71.dll
2010-05-25 05:49 . 2010-05-25 05:49 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6668f10a-n\decora-sse.dll
2010-05-25 05:49 . 2010-05-25 05:49 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6668f10a-n\decora-d3d.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 17:58 . 2010-05-12 17:58 110920 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2008-01-29 07:31 . 2008-01-29 07:31 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-18 180269]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XobniService"=2 (0x2)
"LiveUpdate"=3 (0x3)
"avg9wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\crucifix676\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Darkeden\\darkeden.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58170:TCP"= 58170:TCP:Pando Media Booster
"58170:UDP"= 58170:UDP:Pando Media Booster
"57906:TCP"= 57906:TCP:Pando Media Booster
"57906:UDP"= 57906:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6902:TCP"= 6902:TCP:League of Legends Launcher
"6902:UDP"= 6902:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"58193:TCP"= 58193:TCP:Pando Media Booster
"58193:UDP"= 58193:UDP:Pando Media Booster
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"6988:TCP"= 6988:TCP:League of Legends Launcher
"6988:UDP"= 6988:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6954:TCP"= 6954:TCP:League of Legends Launcher
"6954:UDP"= 6954:UDP:League of Legends Launcher

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/3/2009 10:25 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [10/3/2009 10:25 PM 234888]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
S3 Normandy;Normandy SR2; [x]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 12:05 AM 717296]
S4 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 6:21 PM 46824]
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-07 02:05]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-07 02:05]

2010-07-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-16 23:48]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SetDefaultPrinter - c:\hp\bin\cloaker.exe
HKLM-Run-RBreset - c:\hp\bin\cloaker.exe
HKLM-Run-PMLreset - c:\hp\bin\cloaker.exe
HKLM-Run-HPSUreset - c:\hp\bin\cloaker.exe
HKLM-Run-Mqoganapiqifep - c:\windows\iwufazeqeq.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-05 17:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-05 17:28:58
ComboFix-quarantined-files.txt 2010-08-06 00:28

Pre-Run: 43,506,180,096 bytes free
Post-Run: 45,069,549,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - FB9F6B1F640FEB4C46E7E4E47B7ECE63

crucifix676
Novice

Posts : 49
Joined : 2010-06-22
OS : Windows XP

Re: Google Redirecting Malware

Post by Dr Jay on Sat Aug 07, 2010 12:27 am

Please download [You must be registered and logged in to see this link.] and install it. If you already have it, no need to reinstall.

Then, download [You must be registered and logged in to see this link.] and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Google Redirecting Malware

Post by crucifix676 on Sun Aug 08, 2010 9:52 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->F72870E0 [sple.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624014-->F72A5CA2 [sple.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062427E-->F72A6030 [sple.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BA6-->F72870C0 [sple.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EE8-->F72A6108 [sple.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x806219EC-->F72A5F88 [sple.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D3A-->F72A619A [sple.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D2982-->A84A6416 [C:\WINDOWS\system32\DRIVERS\PSINProc.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8B4B3660 [4] System
0x8AE3B858 [204] C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation, Media Center Scheduler Service)
0x8AE5CDA0 [304] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x8A16CDA0 [352] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8A344470 [628] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company, -)
0x89E10DA0 [720] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x8A5146E8 [780] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x89FF4020 [840] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x8AD3C640 [844] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8AD382C8 [868] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8A5626E8 [916] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A5246E8 [928] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x89E03DA0 [1036] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x8A8AF788 [1140] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 197.45)
0x8A86B788 [1172] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89FF1020 [1180] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L., Application Host Service)
0x8A8DC788 [1224] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A7DE788 [1320] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89FF0820 [1340] C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc., PsiService PsiService)
0x89FE9DA0 [1420] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A798788 [1444] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A7DC788 [1600] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8A82D788 [1756] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AED1D38 [1784] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x8AF0A8A8 [1796] C:\WINDOWS\arservice.exe (Microsoft, ARSVC Application)
0x8AD1F880 [1872] C:\Program Files\AskBarDis\bar\bin\AskService.exe
0x8AD276B0 [1888] C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
0x8AD37620 [1904] C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation, Automatic LiveUpdate Scheduler Service)
0x8AC61670 [1976] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x8AC6B758 [2020] C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation, Media Center Receiver Service)
0x89EA8AB8 [2500] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x89E51BA8 [2636] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x89FD14B0 [2756] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8B0982A8 [2856] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x89DE6B28 [3004] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x8A166DA0 [3028] C:\Documents and Settings\HP_Administrator\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\mnhJHfGkEA7.exe (UG North, RKULE, SR2 Normandy)
0x8A0D9DA0 [3124] C:\hp\KBD\kbd.exe (Hewlett-Packard Company, KBD EXE)
0x89E08B98 [3180] C:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company, hpsysdrv)
0x89CD26D0 [3200] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x8B09E5C8 [3264] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x89E4D4D0 [3292] C:\WINDOWS\arpwrmsg.exe (Microsoft, ARPowerMessage Application)
0x89E09688 [3308] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation, IPoint.exe)
0x8B07D4D0 [3416] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
0x89E48508 [3588] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x89D57340 [3636] C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
0x8A44D768 [3672] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L., Panda Cloud Antivirus)
0x89E477A0 [3696] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x89E39598 [3752] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit, Smart RAM)
0x89DED728 [3868] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x89DECB28 [4032] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P., HP Digital Imaging Monitor)
==============================================
>Drivers
==============================================
0xF58D1000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10235904 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6434816 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.45 )
0xB743D000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5206016 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7286000 PCI_PNP2752 1048576 bytes
0xF7286000 sple.sys 1048576 bytes
0xF7286000 sptd 1048576 bytes
0xF5710000 C:\WINDOWS\system32\DRIVERS\HSX_DP.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7115000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF565A000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF6FBF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA87B6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA8730000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 393216 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF54C4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA88BA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA81CD000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF55E7000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF5807000 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys 282624 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xA82B5000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xF70BA000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xA824C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF55B0000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF557A000 C:\WINDOWS\System32\Drivers\ar6nzcky.SYS 221184 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF5522000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7240000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8383000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF6F92000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA2671000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8845000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF584C000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 172032 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)
0xF5632000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA8892000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF71EA000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8790000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7095000 nvgts.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0xA870C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA8946000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5899000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5876000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8870000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA84EB000 C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 135168 bytes (Panda Security, S.L., PSINAflt Filter Driver for XP32)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7075000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7210000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA8826000 C:\WINDOWS\system32\DRIVERS\psinknc.sys 126976 bytes (Panda Security, S.L., PSINKNC Kernel Controller for XP32)
0xF6F78000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA84A0000 C:\WINDOWS\system32\DRIVERS\PSINProc.sys 106496 bytes (Panda Security, S.L., PSINProc Filter Driver for XP32)
0xA84D1000 C:\WINDOWS\system32\DRIVERS\PSINProt.sys 106496 bytes (Panda Security, S.L., PSINProt for XP32)
0xF70FD000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF726E000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF704C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5563000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA84BA000 C:\WINDOWS\system32\DRIVERS\PSINFile.sys 94208 bytes (Panda Security, S.L., PSINFile Filter Driver for XP32)
0xA836E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF58BD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8913000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7063000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF722F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5552000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA994F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7487000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA998F000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xA9E34000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB71B1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7657000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7497000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF74E7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7507000 PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7547000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA99AF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74B7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74A7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF62D4000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7567000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74F7000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xF74D7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA995F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7557000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA99CF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA270C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEFB4B000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xA999F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77EF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77A7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF47C000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7877000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xAC0F9000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7797000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77E7000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7857000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF788F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF771F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xA91AD000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xF77B7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF784F000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xF7867000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7887000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF785F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF77F7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA823C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF792F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xABA3A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF797F000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xA7C01000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF6F48000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAC394000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAC390000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB3B02000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6F44000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7963000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79DD000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xAA7BA000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xAA7C0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798F000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xAA7C2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAA7BE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79F3000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xAA7BC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79DF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79F5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BB8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA89B1000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xA89B4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA8F54000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8B4C51F8 unknown_irp_handler 3592 bytes
0x8AFD51F8 unknown_irp_handler 3592 bytes
0x8AFA81F8 unknown_irp_handler 3592 bytes
0x8B4C81F8 unknown_irp_handler 3592 bytes
0x8B03B1F8 unknown_irp_handler 3592 bytes
0x8B4591F8 unknown_irp_handler 3592 bytes
0x8B4C61F8 unknown_irp_handler 3592 bytes
0x8AF031F8 unknown_irp_handler 3592 bytes
0x8AFE11F8 unknown_irp_handler 3592 bytes
0x8ADFE378 unknown_irp_handler 3208 bytes
0x8A40E500 unknown_irp_handler 2816 bytes
0x8AF3F500 unknown_irp_handler 2816 bytes
0x8A3FE500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D848, Type: Inline - RelativeCall 0x80504848-->F4F72A61 [unknown_code_page]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[2636]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[2856]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[352]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[352]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[352]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[352]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[352]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[352]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->00000000 [shimeng.dll]
[352]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

crucifix676
Novice

Posts : 49
Joined : 2010-06-22
OS : Windows XP
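The RkU report above records each hook as the hooked location, the hook type, the original and replacement address, and the module RkU attributes the new handler to. As an added example (not part of the thread and not code from the RkU tool), the Python below parses lines in that layout, groups them by owning module so a driver with many hooks is reviewed once, and ranks them using only what the report itself states: a handler RkU cannot name (`unknown_code_page`) is listed first, kernel-mode handlers redirected into a named driver next, jumps that stay inside the hooked image and user-mode hooks last. The sample report text is constructed from the format of the log in this post, and the priority labels are the example's own, not RkU's.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the RootkitUnhooker (RkU) report layout used in this
# thread: SSDT entries, kernel inline hooks and user-mode process hooks.
SAMPLE_REPORT = """\
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->F72870E0 [sple.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BA6-->F72870C0 [sple.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D2982-->A84A6416 [C:\\WINDOWS\\system32\\DRIVERS\\PSINProc.sys]
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D848, Type: Inline - RelativeCall 0x80504848-->F4F72A61 [unknown_code_page]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[2856]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[352]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[352]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
"""

# One hook line: "<target>, Type: <kind> 0x<original>--><new> [<owning module>]"
HOOK_RE = re.compile(
    r"^(?P<target>.+?), Type: (?P<kind>.+?) "
    r"0x(?P<orig>[0-9A-Fa-f]+)-->(?P<new>[0-9A-Fa-f]+) \[(?P<owner>[^\]]+)\]$"
)
# User-mode hooks are prefixed with the process id in square brackets.
PID_RE = re.compile(r"^\[(?P<pid>\d+)\](?P<rest>.*)$")


@dataclass
class Hook:
    pid: Optional[int]   # None for kernel-mode hooks
    image: str           # hooked image: ntkrnlpa.exe or the process executable
    target: str          # full hooked-location string as printed in the report
    kind: str            # "Address change", "Inline - RelativeJump", "IAT modification", ...
    orig: int
    new: int
    owner: str           # module RkU attributes the replacement handler to


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_report(text: str) -> list:
    """Extract hook records from an RkU report; headers and rulers are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        pid = None
        pm = PID_RE.match(target)
        if pm:
            pid = int(pm["pid"])
            target = pm["rest"]
        # The hooked image is the first component before "-->" or "+offset".
        image = re.split(r"-->|\+", target, maxsplit=1)[0]
        hooks.append(Hook(pid, image, m["target"], m["kind"],
                          int(m["orig"], 16), int(m["new"], 16), m["owner"]))
    return hooks


def priority(h: Hook) -> str:
    """Rank a hook for analyst review using only what the report states."""
    if h.owner == "unknown_code_page":
        return "high"      # RkU printed no module name for the handler address
    if _basename(h.owner) == _basename(h.image):
        return "info"      # the jump stays inside the hooked image itself
    if h.pid is None:
        return "review"    # kernel-mode handler redirected into a named driver
    return "low"           # user-mode hook owned by a named DLL


def summarize_by_owner(hooks) -> dict:
    """Group hooks by owning module so one module with many hooks is reviewed once."""
    out = defaultdict(lambda: {"count": 0, "kinds": set(), "targets": []})
    for h in hooks:
        entry = out[h.owner]
        entry["count"] += 1
        entry["kinds"].add(h.kind)
        entry["targets"].append(h.target)
    return dict(out)


def triage(text: str) -> Counter:
    """Count hooks per priority level for a whole report."""
    return Counter(priority(h) for h in parse_report(text))


if __name__ == "__main__":
    hooks = parse_report(SAMPLE_REPORT)
    for owner, info in summarize_by_owner(hooks).items():
        print(f"{owner}: {info['count']} hook(s), kinds={sorted(info['kinds'])}")
    for h in hooks:
        print(f"[{priority(h):6}] {h.target} -> {h.owner}")
```

Feeding a full pasted report to `parse_report` works as-is, because every line that is not a hook entry fails the regex and is skipped; the owner summary is the quickest way to see that, for instance, several SSDT entries all point into one driver and can be investigated together.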

Re: Google Redirecting Malware

Post by Dr Jay on Sun Aug 08, 2010 7:25 pm

Still redirects?


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Google Redirecting Malware

Post by crucifix676 on Tue Aug 10, 2010 6:48 am

Actually, I think the redirects are now finally gone! Thanks a lot!

Though my browsers are taking a long time to load and javascripts are not responding... don't know if you know anything about it, but either way, I really appreciate the help! Thank you very much!

crucifix676
Novice

Posts : 49
Joined : 2010-06-22
OS : Windows XP

Re: Google Redirecting Malware

Post by Dr Jay on Tue Aug 10, 2010 7:08 pm

Which browser(s)?


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Google Redirecting Malware

Post by crucifix676 on Tue Aug 10, 2010 9:34 pm

Most of my browsers: Firefox, IE, Google Chrome

crucifix676
Novice

Posts : 49
Joined : 2010-06-22
OS : Windows XP

Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 11, 2010 5:41 am

Please do this and see if it helps:

Download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 18, 2010 6:09 am

Still with us? Please let me know how things are going!


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 13712
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
