TechSpot

Hijacked browser, ie script errors, unwanted audio - help

Solved
By Tony R
Apr 20, 2011
  1. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    RKUnhooked.txt

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #4
    ==============================================
    >Drivers
    ==============================================
    0xB92AE000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6807552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 162.18 )
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 5693440 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 162.18 )
    0xB5A36000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4227072 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1859584 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB9E07000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB91BA000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 544768 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
    0xB5602000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
    0xB5764000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB56F5000 C:\WINDOWS\system32\DRIVERS\WN111v2.sys 454656 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
    0xB8FBA000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB590F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB4C91000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xB9147000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
    0xBF580000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB3E59000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB9110000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
    0xB9018000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB4EF1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9DDA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB57D4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB9192000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB58C1000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB599B000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB58E9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB2545000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xB5A12000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB9262000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB923F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB471E000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
    0xB589F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9ED3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB9DC0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB5254000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB55C2000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9EF3000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB9E94000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB90F9000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB526C000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB523E000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB9EAB000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
    0xB4709000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB9286000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB929A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB5968000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB9EC1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB9048000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB90C9000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA2F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA318000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xBA2D8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xBA258000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xBA1F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA158000 C:\WINDOWS\system32\DRIVERS\jswscimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
    0xBA308000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB47B9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA1B8000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
    0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA118000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
    0xBA168000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA288000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0xBA188000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA268000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA2E8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0F8000 jraid.sys 45056 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
    0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA178000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA2B8000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA278000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA2C8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA198000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA248000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB24C5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xBA128000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA238000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA3B0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA458000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA4A8000 C:\WINDOWS\system32\ANIO.SYS 28672 bytes (Alpha Networks Inc., ANIO (NT5) Driver )
    0xBA410000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA448000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xBA398000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA3D8000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA3D0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xBA350000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xBA3C0000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
    0xBA478000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA480000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA400000 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F131B0-7188-48DD-85E3-62A0D87731C0}\MpKsleb9766a1.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0xBA3E0000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)
    0xBA438000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
    0xBA3A0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA488000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xBA3C8000 C:\WINDOWS\system32\drivers\HPPLSGEN.SYS 20480 bytes (Hewlett Packard, HPPLSBULK Support Driver)
    0xBA3A8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA468000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA470000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA460000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA450000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xBA3E8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB530A000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB3C15000 C:\WINDOWS\system32\DNINDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
    0xB45B3000 C:\PROGRA~1\WIRELE~1\GTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
    0xB59DA000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
    0xB59EA000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA5A0000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB529A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xBA580000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
    0xBA578000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xB59DE000 C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys 12288 bytes (Microsoft Corporation, One Cool Transport)
    0xBA568000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB5A0A000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB5A06000 C:\WINDOWS\system32\drivers\hpplsbulk.sys 12288 bytes (Hewlett Packard, hpplsbulk.sys)
    0xB59E6000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB8FA6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB8F92000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xBA5D2000 C:\WINDOWS\system32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
    0xBA60C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5D0000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xBA63A000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA618000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA60A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5AE000 JGOGO.sys 8192 bytes (JMicron , SCSI Port upper filter driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA60E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA5C6000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xBA610000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5D4000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA71B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA7CA000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
    0xBA75F000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA789000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA7BC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x03E70000 Hidden Image-->Tanagra.DataClad.dll [ EPROCESS 0x89588590 ] PID: 3000, 1077248 bytes
    0x053F0000 Hidden Image-->System.ServiceProcess.dll [ EPROCESS 0x89AC8730 ] PID: 508, 126976 bytes
    0x05790000 Hidden Image-->Tanagra.BMU.dll [ EPROCESS 0x89588590 ] PID: 3000, 1413120 bytes
    0x03950000 Hidden Image-->System.XML.dll [ EPROCESS 0x89AC8730 ] PID: 508, 2060288 bytes
    0x044D0000 Hidden Image-->System.EnterpriseServices.dll [ EPROCESS 0x89AC8730 ] PID: 508, 266240 bytes
    0x04260000 Hidden Image-->System.Transactions.dll [ EPROCESS 0x89AC8730 ] PID: 508, 270336 bytes
    0x00F80000 Hidden Image-->log4net.dll [ EPROCESS 0x89AC8730 ] PID: 508, 282624 bytes
    0x05BD0000 Hidden Image-->Tanagra.Third-party.Security.dll [ EPROCESS 0x89588590 ] PID: 3000, 28672 bytes
    0x03F30000 Hidden Image-->System.Data.dll [ EPROCESS 0x89AC8730 ] PID: 508, 2961408 bytes
    0x05050000 Hidden Image-->System.Data.dll [ EPROCESS 0x89588590 ] PID: 3000, 2961408 bytes
    0x04B70000 Hidden Image-->Tanagra.DataClad.DataAccess.dll [ EPROCESS 0x89588590 ] PID: 3000, 299008 bytes
    0x04A20000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89AC8730 ] PID: 508, 307200 bytes
    0x03330000 Hidden Image-->System.dll [ EPROCESS 0x89AC8730 ] PID: 508, 3190784 bytes
    0x009F0000 Hidden Image-->MemeoRemoteCore.dll [ EPROCESS 0x89A3AB98 ] PID: 2108, 36864 bytes
    0x04A10000 Hidden Image-->XMLSettings.dll [ EPROCESS 0x89588590 ] PID: 3000, 36864 bytes
    0x05300000 Hidden Image-->Intuit.Spc.Map.WindowsFirewallUtilities.dll [ EPROCESS 0x89AC8730 ] PID: 508, 421888 bytes
    0x03170000 Hidden Image-->System.configuration.dll [ EPROCESS 0x89AC8730 ] PID: 508, 438272 bytes
    0x042D0000 Hidden Image-->Intuit.Spc.Map.Reporter.dll [ EPROCESS 0x89AC8730 ] PID: 508, 479232 bytes
    0x04C80000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x89AC8730 ] PID: 508, 5033984 bytes
    0x01690000 Hidden Image-->Tanagra.Interop.dll [ EPROCESS 0x89588590 ] PID: 3000, 61440 bytes
    0x051F0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x89AC8730 ] PID: 508, 634880 bytes
    0x049C0000 Hidden Image-->Memeo.API.dll [ EPROCESS 0x89588590 ] PID: 3000, 69632 bytes
    0x05B50000 Hidden Image-->Tanagra.BMU.Providers.HardDiskBackupProvider.dll [ EPROCESS 0x89588590 ] PID: 3000, 69632 bytes
    0x04E30000 Hidden Image-->SQLite.NET.dll [ EPROCESS 0x89588590 ] PID: 3000, 77824 bytes
    0x05B90000 Hidden Image-->Tanagra.BMU.Providers.FileCopyBackupProvider.dll [ EPROCESS 0x89588590 ] PID: 3000, 77824 bytes
    0x03E50000 Hidden Image-->System.Data.SQLite.DLL [ EPROCESS 0x89AC8730 ] PID: 508, 872448 bytes
    0x043C0000 Hidden Image-->Tanagra.Utility.dll [ EPROCESS 0x89588590 ] PID: 3000, 913408 bytes
     
  2. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Looks good :)

    How is computer doing?
     
  3. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Computer status

    My hijacked browser looks like it's working properly. Haven't heard any sound recently. I still am not able to get to my favorites on the tool bar. I believe that is a seperate issue. I've asked for instructions from Microsoft tech department how to uninstall ar re-install the toolbars. Any suggestions? Thanks. Tony
     
  4. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Good news :)

    As for the other issues, I suggest, you start new topic in Windows forum.

    Now....last steps...

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  5. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    OTL txt

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: atr
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 15524 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: New Tony R
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Tony R
    ->Temp folder emptied: 896741 bytes
    ->Temporary Internet Files folder emptied: 26708110 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 42643 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 18797 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1168 bytes

    Total Files Cleaned = 26.00 mb


    [EMPTYFLASH]

    User: All Users

    User: atr
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: New Tony R
    ->Flash cache emptied: 0 bytes

    User: Tony R
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 04232011_174811

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Tony R\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    C:\Documents and Settings\Tony R\Local Settings\Temporary Internet Files\Content.IE5\TV1CJ9IN\partner[1].htm moved successfully.
    C:\Documents and Settings\Tony R\Local Settings\Temporary Internet Files\Content.IE5\MYTPIAZQ\topic164118-3[4].html moved successfully.
    C:\Documents and Settings\Tony R\Local Settings\Temporary Internet Files\Content.IE5\5LHF6IQS\sh39[2].html moved successfully.

    Registry entries deleted on Reboot...
     
  6. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Help

    Followed all of your steps, everything is cleaned off the desktop. Installed new Adobe Reader 10.1, WOT, and secunia psi. Ran the secunia program and it listed the security situation on all of my programs. When install their solution for update, I clicked on it and it scanned, downloaded and install WIndows Secuity Updates. After successful installation it said I needed to reboot. Which I did. On start up it went to black screen "Start Windows Normally. Pressed enter, and it tried to boot but came back to that same screen.
    This happens time after time like a loop. Went to the Recovery Console and am awaiting instructions to boot this thing up. I will wait for you on this forum as I'm on a different computer.

    PS I tried booting from the reboot disk we downloaded earlier. Same result.
     
  7. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    OTL created restore point.
    Restart computer and keep tapping F8 key until menu appears.
    Select "Last known good configuration".
     
  8. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Tried that with same result
     
  9. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    I didn't see this:
    Give me more details, please.
     
  10. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    I looped three times to Start Windows Normally, Then used last know configuration with the same result. Rebooted again in Safe Mode and ran BootKit from the CD. It started but ended up in the same loop as the others
     
  11. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Wait. Are you saying, you can boot to Safe Mode, no problem?
     
     
  12. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Sorry for the delay forum switched pages. I never did try to actually boot in safe mode. just in last good configuration. Shall I try to boot in safe mode.
     
  13. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Give it a shot.
     
  14. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Tried to boot in safe mode, and that just went into the Start Windows Normally loop. Every thirty seconds it loops back to Start Win.....
     
  15. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    OK, at this point, your computer is clean, so it looks like some Windows update created your issue.

    Let's see, if we can use system restore from recovery console.
    You should have two restore points there.
    One created by OTL and another one created by Windows updates.

    1. Restart computer.

    2. When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
    You have to use the up/down arrows to choose the Recovery Console. Then press Enter.

    3. You'll find yourself at this screen:

    [​IMG]

    4. Once you are at the Recovery Console you will be given at least one choice of Windows installations. Normally the choice you want is the number 1 choice. Click the number 1 key at the "top" of the keyboard and click enter.

    NOTE: at this point your numbers to the right of your keyboard are turned off. If you insist on using these keys for your numbers remember to hit the Numbers Lock key before clicking a number over there or your computer will automatically reboot and you will have to wait through the previous steps to get back to the console.

    5. You will be given a message asking for the administrator password. Unless someone or something has messed with your computer there is no password so you just click the Enter key.

    6. This will bring you to a prompt that says:

    C:\WINDOWS>

    7. Type:

    cd \

    Press Enter

    Note: between "cd" and "\" there should be a "blank space" otherwise the command won't work

    8. The prompt should now say:

    C:\>

    9. Type:

    cd system~1\_resto~1

    Press Enter.

    ===============================================================================

    Note: If it gives an error "Access Denied" while accessing the folder, follow the method below

    Type: cd \

    Press Enter

    Type: cd windows\system32\config

    Press Enter

    Type: ren system system.bak

    Press Enter

    (note the spaces between ren and system, and then between system and system.bak)

    Type: exit

    Press Enter

    now the computer should restart, then follow steps 1-9


    ===============================================================================

    10. Type:

    dir

    Press Enter

    NOTE: When you hit enter it will list all the restore points folders like "rp1", "rp2" we have to see the last restore point to copy the file from a recent backup. If the restore points have more than one page then you have keep on hitting the key to view the last restore point folder.

    NOTE: It is a good rule of thumb to choose the files from the restore point folder which the second to the last one.

    11. Type:

    cd rp{with the second to the last restore point number }

    Press Enter

    Example: cd rp9. if rp10 is the last restore point

    12. Type:

    cd snapshot

    Press Enter.

    NOTICE: Now the command prompt will look like this:

    c:\system~1\resto~1\rp9\snapshot

    Note : restore point 9 assumed for clarity of the content.


    13. Type:

    copy _registry_machine_system c:\windows\system32\config\system

    Press Enter

    14. Type:

    Exit

    Press Enter.

    Final note : If the above procedure won't solve the problem, repeat all steps, but in step 13 type:

    copy _registry_machine_software c:\windows\system32\config\software

    Alternatively, select different restore point.
     
  16. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    When I renamed system system.bak it said that the system.bak file already exists, and exit puts me back into the boot up loop.

    Would a hard boot make any difference
     
  17. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Rename it to system.old
    Any three letter extension will do.
     
  18. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    There are no restore points on the directory. Left the computer on windows\system32\config

    c:>dir no rp's there either
     
  19. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Do you have Windows XP CD?
     
  20. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Yes I have an original w/ SP2
     
  21. Broni

    Broni Malware Annihilator Posts: 48,020   +271

  22. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Windows XP repair

    Went through the steps on website: after I agree went to this;

    * To set up Windows XP on selected partition press Enter
    *To create parttion in unpartioned space press C
    *To delete selected partition Press D

    Highlights > C: Patritition1 many,many MB

    Pressed Enter

    Warning: Choosing to install Windows XP that contains O/S may cause other O/S to function improperly. This is not reccommended.

    Nowhere does it ask me if I want to repair like it says on the website.

    It says if no installations are found the repair option will not be given

    Edit: It says that this may happen if the partition is corrupted. If you install a new copy all data on partition will be lost
     
  23. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.

    Using File Manger there, you'll be able to backup your data.

    Then, you can proceed with what you're doing before.
     
  24. Tony R

    Tony R TS Rookie Topic Starter Posts: 45

    Boot CD?

    What do I have to backup my data for?. And where do I back it up to? What type of data is it?
    I seem to be confused as to what we are trying accomplish. I know just about enough about computers to be dangerous.
    so bare with me.
     
  25. Broni

    Broni Malware Annihilator Posts: 48,020   +271

    I assume, you have some important files on your computer, you don't want to lose, in case Windows repair goes wrong?
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.