
ect

Everything posted by ect

  1. Hello,

     Things are running fine now--I haven't had any problems while following your instructions, and I haven't seen any more random IE windows popping up. I have pasted the logs you requested below. ESET found two infections.

     Thanks,
     Garrett

     -------------------------------------------------
     EsetOnlineScanner
     -------------------------------------------------
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=a13116c9d9458b4481b96fd2a453269b
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-08-29 05:52:10
     # local_time=2010-08-29 10:52:10 (-0800, Pacific Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1797 16775141 100 94 0 55640161 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=120687
     # found=2
     # cleaned=0
     # scan_time=3484
     C:\Documents and Settings\Garrett\Application Data\Sun\Java\Deployment\cache\6.0\17\30c29111-6a388143  multiple threats  00000000000000000000000000000000  I
     C:\WINDOWS\system32\drivers\rdpcdd.sys  Win32/Olmarik.ZC trojan  00000000000000000000000000000000  I

     --------------------------------------------------------
     Security Check
     --------------------------------------------------------
     Results of screen317's Security Check version 0.99.5
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Avira AntiVir Personal - Free Antivirus
     ESET Online Scanner v3
     Antivirus up to date! (On Access scanning disabled!)
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 21
     Java 6 Update 3
     Java 6 Update 5
     Java 6 Update 7
     Out of date Java installed!
     Adobe Flash Player
     Adobe Reader 8.1.5
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     iolo common lib ioloServiceManager.exe
     ````````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     ``````````End of Log````````````
  2. I found a file called ComboFix2.txt in C:\Qoobox that looks like it's from my earlier scan. Posted below.

     --------------------------------------------------------------
     ComboFix2.txt
     --------------------------------------------------------------
     ComboFix 10-08-26.04 - Garrett 08/27/2010 13:34:22.1.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1327 [GMT -7:00]
     Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     AV: iolo AntiVirus
  3. Sorry about that--the first time I ran it I didn't have internet access. Here is the log from C:, although the date and time seems to be the same as the one I posted previously. Also, when Avira antivirus alerts me that it has found a virus/rootkit, should I choose the default action and deny access, or delete the file?

     Thanks,
     Garrett

     --------------------------------------------
     ComboFix.txt
     --------------------------------------------
     ComboFix 10-08-26.04 - Garrett 08/27/2010 21:54:10.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1347 [GMT -7:00]
     Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     AV: iolo AntiVirus
  4. Hello,

     I haven't seen any more search redirections. The ComboFix log is below.

     Thanks,
     Garrett

     ------------------------------------------
     ComboFix log
     ------------------------------------------
     ComboFix 10-08-26.04 - Garrett 08/27/2010 21:54:10.2.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1347 [GMT -7:00]
     Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     AV: iolo AntiVirus
  5. I ran TDSSKiller and MBRCheck. They both found some issues. I have posted the logs below.

     Thanks for your prompt response!
     Garrett

     ------------------------------------------
     TDSSKiller
     ------------------------------------------
     2010/08/27 08:44:46.0781 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
     2010/08/27 08:44:46.0781 ================================================================================
     2010/08/27 08:44:46.0781 SystemInfo:
     2010/08/27 08:44:46.0781
     2010/08/27 08:44:46.0781 OS Version: 5.1.2600 ServicePack: 3.0
     2010/08/27 08:44:46.0781 Product type: Workstation
     2010/08/27 08:44:46.0781 ComputerName: GARRETT-89A06AD
     2010/08/27 08:44:46.0781 UserName: Garrett
     2010/08/27 08:44:46.0781 Windows directory: C:\WINDOWS
     2010/08/27 08:44:46.0781 System windows directory: C:\WINDOWS
     2010/08/27 08:44:46.0781 Processor architecture: Intel x86
     2010/08/27 08:44:46.0781 Number of processors: 2
     2010/08/27 08:44:46.0781 Page size: 0x1000
     2010/08/27 08:44:46.0781 Boot type: Normal boot
     2010/08/27 08:44:46.0781 ================================================================================
     2010/08/27 08:44:47.0093 Initialize success
     2010/08/27 08:45:01.0046 ================================================================================
     2010/08/27 08:45:01.0046 Scan started
     2010/08/27 08:45:01.0046 Mode: Manual;
     2010/08/27 08:45:01.0046 ================================================================================
     2010/08/27 08:45:02.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2010/08/27 08:45:02.0296 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
     2010/08/27 08:45:02.0453 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2010/08/27 08:45:02.0515 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
     2010/08/27 08:45:02.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2010/08/27 08:45:03.0093 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
     2010/08/27 08:45:03.0421 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2010/08/27 08:45:03.0468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2010/08/27 08:45:03.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2010/08/27 08:45:03.0671 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
     2010/08/27 08:45:03.0781 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2010/08/27 08:45:03.0890 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
     2010/08/27 08:45:04.0000 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
     2010/08/27 08:45:04.0062 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
     2010/08/27 08:45:04.0125 AX88772 (35c86dee8492d04ad9918329c4ecaf8a) C:\WINDOWS\system32\DRIVERS\ax88772.sys
     2010/08/27 08:45:04.0203 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
     2010/08/27 08:45:04.0296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2010/08/27 08:45:04.0468 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys
     2010/08/27 08:45:04.0546 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
     2010/08/27 08:45:04.0656 BTKRNL (ade37ab15c958f5db2f85431cca8763a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
     2010/08/27 08:45:04.0796 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
     2010/08/27 08:45:04.0906 btwhid (6beb0adaa3d2b80e6515eec5d03b7540) C:\WINDOWS\system32\DRIVERS\btwhid.sys
     2010/08/27 08:45:04.0984 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys
     2010/08/27 08:45:05.0062 CamFilter (727d84761f6890a9bdd5832661c0f3c5) C:\WINDOWS\system32\Drivers\CamFilter.sys
     2010/08/27 08:45:05.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2010/08/27 08:45:05.0250 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2010/08/27 08:45:05.0406 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2010/08/27 08:45:05.0484 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2010/08/27 08:45:05.0562 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2010/08/27 08:45:05.0718 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
     2010/08/27 08:45:05.0843 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
     2010/08/27 08:45:06.0203 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2010/08/27 08:45:06.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2010/08/27 08:45:06.0390 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2010/08/27 08:45:06.0453 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2010/08/27 08:45:06.0531 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2010/08/27 08:45:06.0625 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
     2010/08/27 08:45:06.0734 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
     2010/08/27 08:45:06.0812 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
     2010/08/27 08:45:06.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2010/08/27 08:45:07.0046 EMSC (553cff6cf3622de0d7fefdebe72a6395) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
     2010/08/27 08:45:07.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2010/08/27 08:45:07.0562 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
     2010/08/27 08:45:07.0593 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2010/08/27 08:45:07.0640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
     2010/08/27 08:45:07.0687 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
     2010/08/27 08:45:07.0734 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2010/08/27 08:45:07.0765 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2010/08/27 08:45:07.0828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
     2010/08/27 08:45:07.0859 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2010/08/27 08:45:07.0906 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
     2010/08/27 08:45:07.0968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2010/08/27 08:45:08.0015 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2010/08/27 08:45:08.0125 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2010/08/27 08:45:08.0203 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2010/08/27 08:45:08.0234 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2010/08/27 08:45:08.0437 IntcAzAudAddService (a799e941c3d19bcf6f93cbe12b55bc17) C:\WINDOWS\system32\drivers\RtkHDAud.sys
     2010/08/27 08:45:08.0609 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2010/08/27 08:45:08.0656 iomdisk (75931ebd581b9f79010640f924085fd4) C:\WINDOWS\system32\DRIVERS\iomdisk.sys
     2010/08/27 08:45:08.0765 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
     2010/08/27 08:45:08.0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2010/08/27 08:45:08.0906 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2010/08/27 08:45:08.0984 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2010/08/27 08:45:09.0046 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2010/08/27 08:45:09.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2010/08/27 08:45:09.0203 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2010/08/27 08:45:09.0265 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2010/08/27 08:45:09.0328 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     2010/08/27 08:45:09.0375 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2010/08/27 08:45:09.0468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2010/08/27 08:45:09.0531 Ktp (69e35a38e573e12e2d20634233403d8d) C:\WINDOWS\system32\DRIVERS\Ktp.sys
     2010/08/27 08:45:09.0796 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
     2010/08/27 08:45:09.0875 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2010/08/27 08:45:09.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2010/08/27 08:45:10.0015 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2010/08/27 08:45:10.0109 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2010/08/27 08:45:10.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2010/08/27 08:45:10.0296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2010/08/27 08:45:10.0359 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2010/08/27 08:45:10.0453 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2010/08/27 08:45:10.0562 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2010/08/27 08:45:10.0593 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2010/08/27 08:45:10.0671 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2010/08/27 08:45:10.0734 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2010/08/27 08:45:10.0812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
     2010/08/27 08:45:10.0875 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2010/08/27 08:45:10.0937 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2010/08/27 08:45:11.0031 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2010/08/27 08:45:11.0078 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2010/08/27 08:45:11.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2010/08/27 08:45:11.0140 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2010/08/27 08:45:11.0187 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2010/08/27 08:45:11.0234 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
     2010/08/27 08:45:11.0250 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2010/08/27 08:45:11.0296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2010/08/27 08:45:11.0484 NETw4x32 (b57c3897952a5e327e62fb0f267e69a8) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
     2010/08/27 08:45:11.0609 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
     2010/08/27 08:45:11.0656 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2010/08/27 08:45:11.0671 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2010/08/27 08:45:11.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2010/08/27 08:45:11.0984 nv (f9cafb3a6e8fc12303663d1df654a687) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
     2010/08/27 08:45:12.0531 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2010/08/27 08:45:12.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2010/08/27 08:45:12.0687 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
     2010/08/27 08:45:12.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
     2010/08/27 08:45:12.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2010/08/27 08:45:12.0953 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2010/08/27 08:45:12.0984 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2010/08/27 08:45:13.0062 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2010/08/27 08:45:13.0140 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2010/08/27 08:45:13.0687 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2010/08/27 08:45:13.0734 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2010/08/27 08:45:13.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2010/08/27 08:45:14.0093 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2010/08/27 08:45:14.0171 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2010/08/27 08:45:14.0218 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2010/08/27 08:45:14.0281 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2010/08/27 08:45:14.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2010/08/27 08:45:14.0406 RDPCDD (ecbf6f13ec798af166412b8a485f0539) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2010/08/27 08:45:14.0421 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: ecbf6f13ec798af166412b8a485f0539, Fake md5: 4912d5b403614ce99c28420f75353332
     2010/08/27 08:45:14.0421 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
     2010/08/27 08:45:14.0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2010/08/27 08:45:14.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2010/08/27 08:45:14.0671 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2010/08/27 08:45:14.0781 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
     2010/08/27 08:45:14.0859 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
     2010/08/27 08:45:14.0968 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
     2010/08/27 08:45:15.0078 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
     2010/08/27 08:45:15.0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2010/08/27 08:45:15.0234 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
     2010/08/27 08:45:15.0296 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     2010/08/27 08:45:15.0359 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
     2010/08/27 08:45:15.0406 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2010/08/27 08:45:15.0546 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2010/08/27 08:45:15.0656 smserial (63b3b77bdb67ee674771c0e6fb96da9e) C:\WINDOWS\system32\DRIVERS\smserial.sys
     2010/08/27 08:45:16.0093 SNP2UVC (09795b55ab5c3e5d63a34d5189f65ba3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
     2010/08/27 08:45:16.0640 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
     2010/08/27 08:45:16.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2010/08/27 08:45:16.0906 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2010/08/27 08:45:16.0984 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
     2010/08/27 08:45:17.0093 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
     2010/08/27 08:45:17.0359 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2010/08/27 08:45:17.0578 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2010/08/27 08:45:17.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2010/08/27 08:45:17.0953 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2010/08/27 08:45:18.0109 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2010/08/27 08:45:18.0218 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\WINDOWS\system32\Drivers\tcusb.sys
     2010/08/27 08:45:18.0296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2010/08/27 08:45:18.0406 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2010/08/27 08:45:18.0468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2010/08/27 08:45:18.0703 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2010/08/27 08:45:18.0906 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2010/08/27 08:45:18.0984 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
     2010/08/27 08:45:19.0031 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2010/08/27 08:45:19.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2010/08/27 08:45:19.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2010/08/27 08:45:19.0203 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     2010/08/27 08:45:19.0250 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2010/08/27 08:45:19.0296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2010/08/27 08:45:19.0359 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     2010/08/27 08:45:19.0421 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
     2010/08/27 08:45:19.0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2010/08/27 08:45:19.0609 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     2010/08/27 08:45:19.0671 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2010/08/27 08:45:19.0734 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
     2010/08/27 08:45:19.0843 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
     2010/08/27 08:45:19.0984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2010/08/27 08:45:20.0125 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\WINDOWS\system32\drivers\WmBEnum.sys
     2010/08/27 08:45:20.0171 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\WINDOWS\system32\drivers\WmFilter.sys
     2010/08/27 08:45:20.0312 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
     2010/08/27 08:45:20.0390 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\WINDOWS\system32\drivers\WmVirHid.sys
     2010/08/27 08:45:20.0484 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys
     2010/08/27 08:45:20.0531 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
     2010/08/27 08:45:20.0609 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
     2010/08/27 08:45:20.0734 ================================================================================
     2010/08/27 08:45:20.0734 Scan finished
     2010/08/27 08:45:20.0734 ================================================================================
     2010/08/27 08:45:20.0765 Detected object count: 1
     2010/08/27 08:47:22.0625 RDPCDD (ecbf6f13ec798af166412b8a485f0539) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2010/08/27 08:47:22.0625 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: ecbf6f13ec798af166412b8a485f0539, Fake md5: 4912d5b403614ce99c28420f75353332
     2010/08/27 08:47:24.0062 Backup copy found, using it..
     2010/08/27 08:47:24.0062 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
     2010/08/27 08:47:24.0062 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
     2010/08/27 08:48:04.0265 Deinitialize success

     -----------------------------------------------
     MBRCheck
     -----------------------------------------------
     MBRCheck, version 1.2.3
     © 2010, AD
     Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000001c

     Kernel Drivers (total 141):
     0x804D7000 \WINDOWS\system32\ntoskrnl.exe
     0x806FF000 \WINDOWS\system32\hal.dll
     0xF7987000 \WINDOWS\system32\KDCOM.DLL
     0xF7897000 \WINDOWS\system32\BOOTVID.dll
     0xF75F7000 klmdb.sys
     0xF7508000 ACPI.sys
     0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
     0xF74F7000 pci.sys
     0xF7607000 isapnp.sys
     0xF7617000 ohci1394.sys
     0xF7627000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
     0xF789B000 compbatt.sys
     0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
     0xF7A4F000 pciide.sys
     0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
     0xF7637000 MountMgr.sys
     0xF74D8000 ftdisk.sys
     0xF798B000 dmload.sys
     0xF74B2000 dmio.sys
     0xF78A3000 ACPIEC.sys
     0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
     0xF770F000 PartMgr.sys
     0xF7647000 VolSnap.sys
     0xF749A000 atapi.sys
     0xF7657000 disk.sys
     0xF7667000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
     0xF7867000 fltmgr.sys
     0xF7855000 sr.sys
     0xF783E000 KSecDD.sys
     0xF7B52000 Ntfs.sys
     0xF795A000 NDIS.sys
     0xF7A35000 Mup.sys
     0xF7677000 iomdisk.sys
     0xBA929000 \SystemRoot\system32\DRIVERS\intelppm.sys
     0xBAFC4000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
     0xB9E8C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
     0xB9E78000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
     0xF77D7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
     0xB9E54000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
     0xF77DF000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0xB9E2C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
     0xB9E01000 \SystemRoot\system32\DRIVERS\b57xp32.sys
     0xB9BE6000 \SystemRoot\system32\DRIVERS\NETw4x32.sys
     0xBA919000 \SystemRoot\system32\DRIVERS\nic1394.sys
     0xB9BD2000 \SystemRoot\system32\DRIVERS\sdbus.sys
     0xBA909000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
     0xB9BBE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
     0xBAFB8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
     0xF76B7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
     0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
     0xF77F7000 \SystemRoot\system32\DRIVERS\Ktp.sys
     0xF77FF000 \SystemRoot\system32\DRIVERS\mouclass.sys
     0xF76C7000 \SystemRoot\system32\DRIVERS\imapi.sys
     0xF76D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
     0xF76E7000 \SystemRoot\system32\DRIVERS\redbook.sys
     0xB9B9B000 \SystemRoot\system32\DRIVERS\ks.sys
     0xF7807000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
     0xBAFB0000 \SystemRoot\system32\DRIVERS\EMSC.SYS
     0xF76F7000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
     0xB9B20000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
     0xB9A18000 \SystemRoot\system32\DRIVERS\btkrnl.sys
     0xBAA1F000 \SystemRoot\system32\DRIVERS\audstub.sys
     0xF75C6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
     0xBAF91000 \SystemRoot\system32\DRIVERS\ndistapi.sys
     0xB9A01000 \SystemRoot\system32\DRIVERS\ndiswan.sys
     0xF75B6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
     0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
     0xF780F000 \SystemRoot\system32\DRIVERS\TDI.SYS
     0xB99F0000 \SystemRoot\system32\DRIVERS\psched.sys
     0xF7596000 \SystemRoot\system32\DRIVERS\msgpc.sys
     0xF7817000 \SystemRoot\system32\DRIVERS\ptilink.sys
     0xF781F000 \SystemRoot\system32\DRIVERS\raspti.sys
     0xB99C0000 \SystemRoot\system32\DRIVERS\rdpdr.sys
     0xF7586000 \SystemRoot\system32\DRIVERS\termdd.sys
     0xF79AF000 \SystemRoot\system32\DRIVERS\swenum.sys
     0xB9962000 \SystemRoot\system32\DRIVERS\update.sys
     0xBAF79000 \SystemRoot\system32\DRIVERS\mssmbios.sys
     0xBAF75000 \SystemRoot\system32\drivers\WmBEnum.sys
     0xF7576000 \SystemRoot\system32\drivers\WmXlCore.sys
     0xB9913000 \SystemRoot\system32\drivers\btaudio.sys
     0xB98EF000 \SystemRoot\system32\drivers\portcls.sys
     0xF7566000 \SystemRoot\system32\drivers\drmk.sys
     0xF7556000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0xF7546000 \SystemRoot\system32\DRIVERS\usbhub.sys
     0xF79B1000 \SystemRoot\system32\DRIVERS\USBD.SYS
     0xB7798000 \SystemRoot\system32\drivers\RtkHDAud.sys
     0xB76A7000 \SystemRoot\system32\DRIVERS\smserial.sys
     0xBA5ED000 \SystemRoot\System32\Drivers\Modem.SYS
     0xF79B9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
     0xB98C5000 \SystemRoot\System32\Drivers\Null.SYS
     0xF79BB000 \SystemRoot\System32\Drivers\Beep.SYS
     0xBA5CD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0xBA5C5000 \SystemRoot\System32\drivers\vga.sys
     0xF79BD000 \SystemRoot\System32\Drivers\mnmdd.SYS
     0xF79C1000 \SystemRoot\system32\drivers\tsk8.tmp
     0xF744A000 \SystemRoot\System32\Drivers\tcusb.sys
     0xBA5BD000 \SystemRoot\System32\Drivers\Msfs.SYS
     0xBA5B5000 \SystemRoot\System32\Drivers\Npfs.SYS
     0xBAFD4000 \SystemRoot\system32\DRIVERS\rasacd.sys
     0xB757A000 \SystemRoot\system32\DRIVERS\ipsec.sys
     0xB7521000 \SystemRoot\system32\DRIVERS\tcpip.sys
     0xB74F9000 \SystemRoot\system32\DRIVERS\netbt.sys
     0xB74D7000 \SystemRoot\System32\drivers\afd.sys
     0xF743A000 \SystemRoot\system32\DRIVERS\netbios.sys
     0xBA5AD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
     0xB74AC000 \SystemRoot\system32\DRIVERS\rdbss.sys
     0xB743C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
     0xF742A000 \SystemRoot\System32\Drivers\Fips.SYS
     0xB7416000 \SystemRoot\system32\DRIVERS\ipnat.sys
     0xBA5A5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
     0xF741A000 \SystemRoot\system32\DRIVERS\wanarp.sys
     0xF740A000 \SystemRoot\system32\DRIVERS\arp1394.sys
     0xB73D2000 \SystemRoot\system32\DRIVERS\avipbb.sys
     0xF79C5000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
     0xB6AAA000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
     0xF7687000 \SystemRoot\system32\DRIVERS\STREAM.SYS
     0xF774F000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
     0xF7757000 \SystemRoot\System32\Drivers\CamFilter.sys
     0xF76A7000 \SystemRoot\System32\Drivers\Cdfs.SYS
     0xB6A42000 \SystemRoot\System32\Drivers\dump_atapi.sys
     0xF79C9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
     0xBF800000 \SystemRoot\System32\win32k.sys
     0xB7693000 \SystemRoot\System32\drivers\Dxapi.sys
     0xF776F000 \SystemRoot\System32\watchdog.sys
     0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
     0xB98C2000 \SystemRoot\System32\drivers\dxgthk.sys
     0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
     0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
     0xB433A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
     0xF778F000 \SystemRoot\system32\DRIVERS\AegisP.sys
     0xB4356000 \SystemRoot\system32\DRIVERS\ndisuio.sys
     0xB4336000 \SystemRoot\system32\DRIVERS\s24trans.sys
     0xB3F4D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
     0xB767C000 \??\C:\WINDOWS\system32\Drivers\mchInjDrv.sys
     0xB4914000 \SystemRoot\System32\Drivers\MASPINT.SYS
     0xB3BFE000 \SystemRoot\system32\DRIVERS\srv.sys
     0x9E4B1000 \SystemRoot\system32\drivers\wdmaud.sys
     0xB4062000 \SystemRoot\system32\drivers\sysaudio.sys
     0x9E351000 \SystemRoot\system32\drivers\kmixer.sys
     0x9DD72000 \SystemRoot\System32\Drivers\HTTP.sys
     0x7C900000 \WINDOWS\system32\ntdll.dll

     Processes (total 74):
     0 System Idle Process
     4 System
     836 C:\WINDOWS\system32\smss.exe
     912 C:\WINDOWS\system32\csrss.exe
     944 C:\WINDOWS\system32\winlogon.exe
     988 C:\WINDOWS\system32\services.exe
     1000 C:\WINDOWS\system32\lsass.exe
     1188 C:\WINDOWS\system32\svchost.exe
     1256 C:\WINDOWS\system32\svchost.exe
     1296 C:\WINDOWS\system32\svchost.exe
     1320 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     1420 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     1468 C:\WINDOWS\system32\svchost.exe
     1520 C:\WINDOWS\system32\svchost.exe
     1728 C:\WINDOWS\system32\spoolsv.exe
     1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     1944 C:\WINDOWS\system32\svchost.exe
     2024 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     2036 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     176 C:\Program Files\Bonjour\mDNSResponder.exe
     236 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     480 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
     608 C:\PROGRA~1\Iomega\System32\AppServices.exe
     620 C:\Program Files\Java\jre6\bin\jqs.exe
     764 C:\WINDOWS\system32\nvsvc32.exe
     812 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     868 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     892 C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
     1216 C:\WINDOWS\system32\svchost.exe
     1336 C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
     1400 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
     1432 C:\WINDOWS\system32\wdfmgr.exe
     1488 C:\Program Files\Viewpoint\Common\ViewpointService.exe
     1576 C:\Program Files\Iomega\AutoDisk\ADService.exe
     1696 C:\WINDOWS\system32\wuauclt.exe
     2592 C:\WINDOWS\system32\alg.exe
     2980 C:\WINDOWS\system32\wbem\wmiprvse.exe
     3360 C:\WINDOWS\explorer.exe
     3676 C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
     3784 C:\WINDOWS\vsnp2uvc.exe
     3796 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
     3812 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
     3820 C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe
     3840 C:\Program Files\Compal\Smart Battery\SMBTray.exe
     3952 C:\Program Files\Protector Suite QL\psqltray.exe
     3964 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
     4052 C:\WINDOWS\RTHDCPL.exe
     4088 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     232 C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
     476 C:\Program Files\Iomega\DriveIcons\Imgicon.exe
     2180 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
     2260 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
     2188 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     2376 C:\Program Files\iTunes\iTunesHelper.exe
     992 C:\Program Files\Common Files\Java\Java Update\jusched.exe
     2668 C:\Program Files\Messenger\msmsgs.exe
     568 C:\WINDOWS\system32\ctfmon.exe
     2624 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
     3120 C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
     3336 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
     3392 C:\Program Files\TiVo\Desktop\TiVoNotify.exe
     3516 C:\Program Files\TiVo\Desktop\TiVoServer.exe
     3532 C:\Program Files\Skype\Phone\Skype.exe
     3352 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
     3708 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
     3988 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
     3088 C:\Program Files\iPod\bin\iPodService.exe
     3060 C:\Program Files\Internet Explorer\iexplore.exe
     1964 C:\Program Files\Internet Explorer\iexplore.exe
     3376 C:\Program Files\Skype\Plugin Manager\skypePM.exe
     3596 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
     3540 C:\WINDOWS\system32\wbem\wmiadap.exe
     2388 C:\Program Files\Internet Explorer\iexplore.exe
     2292 C:\Documents and Settings\Garrett\Local Settings\Temporary Internet Files\Content.IE5\EL2WLPCR\MBRCheck[1].exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
     \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000010`002a4400 (NTFS)

     PhysicalDrive0 Model Number: ST9160823AS, Rev: 3.AAB

           Size  Device Name          MBR Status
     --------------------------------------------
         149 GB  \\.\PhysicalDrive0   Unknown MBR code
                 SHA1: 6C7C25672E81AF972795B06F11E2842DECE070E7

     Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes: [ 0] Default (Windows XP) [ 1] Windows XP [ 2] Windows Server 2003 [ 3] Windows Vista [ 4] Windows 2008 [ 5] Windows 7 [-1] Cancel Please select the MBR code to write to this drive: 1 Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES Successfully wrote new MBR code! Please reboot your computer to complete the fix. Done!
6. Hello,

I recently noticed that when I run Internet Explorer, an additional window will pop up with a link to a seemingly random URL. Sometimes the URL will contain search terms from previous Google searches I have done. Sometimes the window pops up right away when I first start IE, other times it won't pop up until I have been browsing for a while. Additionally, the first time I start IE after turning on my computer, it will pop up a message saying the previous session closed unexpectedly, though it seemed to close fine.

My logs are attached. Thanks in advance for your help!

Garrett

-------------------------------------------------
Malwarebytes Log
-------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4450

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/20/2010 10:13:13 AM
mbam-log-2010-08-20 (10-13-13).txt

Scan type: Quick scan
Objects scanned: 133843
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------
DDS.txt
-----------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Garrett at 22:45:26.12 on Mon 08/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1084 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: iolo AntiVirus

Attach.zip