Everything posted by Ohwhatnow

  1. Thank you much!!! It seems like things are moving fast again and I don't see anything else popping up.
  2. File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5: 8737f6f4c8ec1e2a9ea5516f1b3ae1ad Date first seen: 2009-01-30 21:58:47 (UTC) Date last seen: 2011-01-29 12:32:03 (UTC) Detection ratio: 0/43 What do you wish to do? 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware. File name: MOVEitEZ.exe Submission date: 2011-02-04 23:06:48 (UTC) Current status: queued queued analysing finished Result: 0/ 43 (0.0%) VT Community not reviewed Safety score: - Compact Print results Antivirus Version Last Update Result AhnLab-V3 2011.01.27.01 2011.01.27 - AntiVir 7.11.2.80 2011.02.04 - Antiy-AVL 2.0.3.7 2011.01.28 - Avast 4.8.1351.0 2011.02.04 - Avast5 5.0.677.0 2011.02.04 - AVG 10.0.0.1190 2011.02.04 - BitDefender 7.2 2011.02.04 - CAT-QuickHeal 11.00 2011.02.04 - ClamAV 0.96.4.0 2011.02.04 - Commtouch 5.2.11.5 2011.02.04 - Comodo 7594 2011.02.04 - DrWeb 5.0.2.03300 2011.02.04 - Emsisoft 5.1.0.2 2011.02.04 - eSafe 7.0.17.0 2011.02.03 - eTrust-Vet 36.1.8141 2011.02.04 - F-Prot 4.6.2.117 2011.02.04 - F-Secure 9.0.16160.0 2011.02.04 - Fortinet 4.2.254.0 2011.02.04 - GData 21 2011.02.04 - Ikarus T3.1.1.97.0 2011.02.04 - Jiangmin 13.0.900 2011.02.04 - K7AntiVirus 9.81.3750 2011.02.04 - Kaspersky 7.0.0.125 2011.02.04 - McAfee 5.400.0.1158 2011.02.04 - McAfee-GW-Edition 2010.1C 2011.02.04 - Microsoft 1.6502 2011.02.04 - NOD32 5847 2011.02.04 - Norman 6.07.03 2011.02.04 - nProtect 2011-01-27.01 2011.02.02 - Panda 10.0.3.5 2011.02.04 - PCTools 7.0.3.5 2011.02.04 - Prevx 3.0 2011.02.05 - Rising 23.43.04.07 2011.02.04 - Sophos 4.61.0 2011.02.04 - SUPERAntiSpyware 4.40.0.1006 2011.02.04 - Symantec 20101.3.0.103 2011.02.04 - TheHacker 6.7.0.1.124 2011.02.04 - TrendMicro 9.200.0.1012 2011.02.04 - TrendMicro-HouseCall 9.200.0.1012 2011.02.04 - 
VBA32 3.12.14.3 2011.02.04 - VIPRE 8309 2011.02.04 - ViRobot 2011.2.4.4292 2011.02.04 - VirusBuster 13.6.182.0 2011.02.04 - Additional informationShow all MD5 : 94f712ff9cfba58084a4713fe1e37df1 SHA1 : 6af47aead4389ce73a113c0913c176c1b909c3b0 SHA256: 7f1dc46fa7d1acf1b6d7691ad4c3811dc1bd00595da273befb4ab323400dd242 ssdeep: 24576:QH6/2ES9jFvPJd5oWSOQ8uBx37jZtTg1D1Vu:8zvPJd5orTHfTgU File size : 996760 bytes First seen: 2010-03-04 20:26:25 Last seen : 2011-02-04 23:06:48 TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Ipswitch, Inc. copyright....: Copyright © 2003-2009, Ipswitch, Inc. product......: MOVEit EZ description..: MOVEitEZ original name: MOVEitEZ.exe internal name: MOVEit EZ file version.: 6, 5, 0, 0 comments.....: MOVEit Desktop Automation signers......: Ipswitch, Inc. VeriSign Class 3 Code Signing 2004 CA Class 3 Public Primary Certification Authority signing date.: 9:44 PM 7/24/2009 verified.....: - PEiD: Armadillo v1.71 PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x6BC9E timedatestamp....: 0x4A6A1D0E (Fri Jul 24 20:43:58 2009) machinetype......: 0x14c (I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x7B83E, 0x7C000, 6.62, 260015f8bb8dfec02f4e601832888076 .rdata, 0x7D000, 0xC31C, 0xD000, 5.79, 4b9253cd4b5d32ad1b9ffa08b71634c7 .data, 0x8A000, 0x59391, 0x13000, 5.37, bdb11961e88ba911f1c2607398959ff0 .tls, 0xE4000, 0x134, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110 .rsrc, 0xE5000, 0x53598, 0x54000, 3.26, ea60d09b7ed9e50ce021946a29a51d10 [[ 18 import(s) ]] SHFOLDER.dll: SHGetFolderPathA NETAPI32.dll: NetGroupGetUsers, NetQueryDisplayInformation, NetUserEnum, NetLocalGroupAddMembers, NetUserAdd, NetUserDel, NetApiBufferFree, NetUserGetInfo, NetGroupAddUser, NetLocalGroupDelMembers, NetGroupDelUser, NetLocalGroupDel, NetGroupDel, 
NetGroupGetInfo, NetLocalGroupGetMembers, NetWkstaGetInfo, NetUserSetInfo, NetGetDCName KERNEL32.dll: GetCurrentThread, ReadProcessMemory, GetCurrentProcess, CompareFileTime, GetSystemTimeAsFileTime, SystemTimeToFileTime, QueryPerformanceCounter, QueryPerformanceFrequency, GetTimeZoneInformation, FreeLibrary, FormatMessageA, LoadLibraryExA, FileTimeToLocalFileTime, SetFilePointer, CopyFileExA, GetProcessHeap, LocalFree, LocalAlloc, GetComputerNameA, TerminateThread, lstrcatA, GetTempFileNameA, GetTempPathA, MapViewOfFile, CreateFileMappingA, SetEndOfFile, UnmapViewOfFile, FlushViewOfFile, GetVersionExA, CreateMutexA, Sleep, lstrlenW, InterlockedExchange, SetEnvironmentVariableA, CompareStringW, CompareStringA, GetLocaleInfoW, SetConsoleCtrlHandler, GetOEMCP, GetACP, FlushFileBuffers, SetStdHandle, IsBadCodePtr, IsBadReadPtr, GetFileAttributesExA, GetStringTypeA, GetFileType, LeaveCriticalSection, LoadLibraryA, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, SetUnhandledExceptionFilter, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetCPInfo, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, HeapSize, LCMapStringW, LCMapStringA, FatalAppExitA, UnhandledExceptionFilter, TerminateProcess, SetLastError, TlsFree, TlsAlloc, ExitProcess, GetVersion, GetStartupInfoA, GetModuleHandleA, RaiseException, HeapReAlloc, GetSystemTime, HeapAlloc, HeapFree, RtlUnwind, ExitThread, TlsGetValue, TlsSetValue, CreateThread, EnterCriticalSection, ReadFile, WriteFile, GetFileSize, SetFileAttributesA, InterlockedIncrement, MultiByteToWideChar, DeleteCriticalSection, CreateFileA, GetFileAttributesA, FileTimeToSystemTime, GetCommandLineA, GetStringTypeW, GetModuleFileNameA, GetLocalTime, GetCurrentThreadId, GetProcAddress, CloseHandle, ResumeThread, SuspendThread, SetEvent, GetLastError, CreateEventA, WaitForSingleObject, lstrlenA, lstrcpyA, OutputDebugStringA, 
lstrcpynA, InitializeCriticalSection, WideCharToMultiByte, CreateDirectoryA, InterlockedDecrement, FindFirstFileA, FindNextFileA, FindClose, GetTickCount, DeleteFileA, MoveFileA, WritePrivateProfileStringA, GetStdHandle, GetPrivateProfileStringA, SetHandleCount USER32.dll: InvalidateRect, DispatchMessageA, TranslateMessage, TranslateAcceleratorA, GetMessageA, LoadAcceleratorsA, LoadIconA, LoadMenuA, LoadStringA, RegisterClassExA, LoadCursorA, UpdateWindow, ShowWindow, GetWindow, GetClientRect, GetParent, IsWindow, SetForegroundWindow, EnumChildWindows, ModifyMenuA, LoadImageA, GetSubMenu, PostQuitMessage, DestroyMenu, DefFrameProcA, KillTimer, SetTimer, TrackPopupMenu, SetMenuDefaultItem, CreateWindowExA, InsertMenuA, MessageBoxA, wsprintfA, SendMessageA, GetWindowRect, EndDialog, SetWindowTextA, GetDlgItem, GetWindowTextA, IsDlgButtonChecked, DeleteMenu, ReleaseDC, GetDC, CreateMDIWindowA, SetScrollInfo, CheckDlgButton, SetFocus, DialogBoxParamA, SetWindowLongA, EnableWindow, SetWindowPos, FillRect, EndPaint, IsIconic, BeginPaint, DefMDIChildProcA, IsZoomed, GetWindowPlacement, GetCursorPos, PostMessageA, SetWindowPlacement GDI32.dll: Polygon, CreateFontA, GetStockObject, SelectObject, GetTextMetricsA, SetTextColor, TextOutA, GetTextExtentPoint32A, SetBkColor, CreateSolidBrush, DeleteObject, GetDeviceCaps comdlg32.dll: GetOpenFileNameA ADVAPI32.dll: RegQueryValueExA, RegisterServiceCtrlHandlerA, LsaNtStatusToWinError, LookupAccountNameW, LsaAddAccountRights, LsaClose, LookupAccountSidW, LsaOpenPolicy, LsaQueryInformationPolicy, RegEnumKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, GetTokenInformation, LookupAccountSidA, LogonUserA, RegCreateKeyA, RegSetValueExA, StartServiceA, OpenServiceA, ControlService, DeleteService, OpenSCManagerA, CreateServiceA, CloseServiceHandle, SetServiceStatus, StartServiceCtrlDispatcherA SHELL32.dll: SHBrowseForFolderA, Shell_NotifyIconA, SHGetPathFromIDListA, ShellExecuteA, 
SHGetSpecialFolderLocation, SHGetMalloc ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance, OleRun, CoTaskMemFree OLEAUT32.dll: -, -, -, -, -, -, -, -, -, - WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA COMCTL32.dll: PropertySheetA WININET.dll: InternetSetOptionA, InternetQueryOptionA, HttpSendRequestExA, InternetReadFile, HttpSendRequestA, HttpAddRequestHeadersA, HttpOpenRequestA, InternetConnectA, InternetOpenA, InternetWriteFile, InternetCloseHandle, HttpQueryInfoA, HttpEndRequestA, InternetCrackUrlA MPR.dll: WNetAddConnection2A, WNetCancelConnection2A SHLWAPI.dll: PathMatchSpecA imagehlp.dll: SymGetModuleBase, SymCleanup, UnDecorateSymbolName, SymGetSymFromAddr, SymGetModuleInfo, StackWalk, SymInitialize, SymSetOptions, SymFunctionTableAccess CRYPT32.dll: CertFreeCertificateChain, CryptFindOIDInfo, CertGetIntendedKeyUsage, CertGetPublicKeyLength, CertNameToStrA, CertGetNameStringA, CertVerifyTimeValidity, CertEnumCertificatesInStore, CertDeleteCertificateFromStore, CertOpenStore, CertEnumSystemStore, CertFreeCertificateContext, CertCloseStore, CertOpenSystemStoreA, CertVerifyCertificateChainPolicy, CertGetCertificateChain, CertFindChainInStore, CertFindCertificateInStore, CertDuplicateCertificateContext, CryptHashCertificate ExifTool: file metadata CharacterSet: Unicode CodeSize: 507904 Comments: MOVEit Desktop Automation CompanyName: Ipswitch, Inc. EntryPoint: 0x6bc9e FileDescription: MOVEitEZ FileFlagsMask: 0x003f FileOS: Windows NT 32-bit FileSize: 973 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 6, 5, 0, 0 FileVersionNumber: 6.5.0.0 ImageVersion: 0.0 InitializedDataSize: 770048 InternalName: MOVEit EZ LanguageCode: English (U.S.) LegalCopyright: Copyright 2003-2009, Ipswitch, Inc. LegalTrademarks: MOVEit is a registered trademark of Ipswitch, Inc. 
LinkerVersion: 6.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Executable application OriginalFilename: MOVEitEZ.exe PEType: PE32 PrivateBuild: ProductName: MOVEit EZ ProductVersion: 6, 5, 0, 0 ProductVersionNumber: 6.5.0.0 SpecialBuild: Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2009:07:24 22:43:58+02:00 UninitializedDataSize: 0 VT Community 0 This file has never been reviewed by any VT Community member. Be the first one to comment on it! VirusTotal Team
  3. ComboFix 11-01-31.02 - rpeterson 02/04/2011 16:45:55.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1397 [GMT -6:00] Running from: E:\Combo-Fix.exe AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe c:\windows\system32\drivers\etc\lmhosts c:\windows\system32\Thumbs.db . ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 ))))))))))))))))))))))))))))))) . 2011-02-04 22:28 . 2011-02-04 22:28 -------- d-----w- c:\documents and settings\rpeterson\Application Data\Avira 2011-02-04 21:39 . 2011-02-04 21:39 -------- d-----w- c:\windows\system32\CatRoot_bak 2011-02-04 19:24 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-04 19:24 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-04 19:24 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-02-04 19:24 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-02-04 19:24 . 2011-02-04 19:24 -------- d-----w- c:\program files\Avira 2011-02-04 19:24 . 2011-02-04 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-02-04 15:08 . 2011-02-04 15:08 -------- d-----w- c:\program files\McAfee 2011-02-03 17:59 . 2011-02-03 17:59 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2011-02-03 15:41 . 2011-02-03 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-02-03 15:41 . 2011-02-03 16:27 -------- d-----w- c:\program files\Spybot - Search & Destroy 2011-02-02 21:40 . 2011-02-02 21:40 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2011-02-02 21:36 . 2011-02-02 21:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2011-02-02 20:59 . 
2011-02-02 20:59 -------- d-----w- c:\program files\Common Files\Adobe AIR 2011-02-02 20:57 . 2011-02-02 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-02-02 16:59 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll 2011-02-02 16:18 . 2008-04-14 11:42 73796 ------w- c:\windows\system32\slserv.exe 2011-02-02 16:16 . 2011-02-02 16:19 -------- d-----w- c:\windows\ServicePackFiles 2011-02-02 16:16 . 2008-04-14 11:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe 2011-02-02 16:16 . 2008-04-14 11:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe 2011-02-02 16:12 . 2006-12-29 06:31 19569 ----a-w- c:\windows\003242_.tmp 2011-02-02 15:06 . 2011-02-02 15:06 -------- d-sh--w- c:\documents and settings\rpeterson\IECompatCache 2011-02-01 20:25 . 2011-02-01 20:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-02-01 20:17 . 2011-02-01 20:17 -------- d-sh--w- c:\documents and settings\rpeterson\PrivacIE 2011-02-01 20:16 . 2011-02-01 20:16 -------- d-sh--w- c:\documents and settings\rpeterson\IETldCache 2011-02-01 20:12 . 2011-02-01 20:13 -------- dc-h--w- c:\windows\ie8 2011-02-01 18:53 . 2011-02-01 18:53 -------- d-----w- c:\documents and settings\rpeterson\Application Data\Malwarebytes 2011-02-01 18:53 . 2011-02-01 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-02-01 18:53 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-01 18:53 . 2011-02-04 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-02-01 18:53 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-01 18:31 . 2011-02-01 18:31 -------- d-----w- c:\program files\Common Files\Java 2011-02-01 18:30 . 2011-02-01 18:30 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-01 18:30 . 2011-02-01 18:30 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-01 18:30 . 
2011-02-01 18:30 -------- d-----w- c:\program files\Java 2011-01-31 14:32 . 2011-01-31 14:32 -------- d-----w- c:\documents and settings\rpeterson\Local Settings\Application Data\Starfield 2011-01-31 14:32 . 2011-02-02 14:21 -------- d-----w- c:\program files\Starfield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-16 147456] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] c:\documents and settings\All Users\Start Menu\Programs\Startup\ MAP DRIVE TO DIRECTOR.lnk - c:\iti\DIRECTOR\DIRWIN-Generic.bat [2007-9-25 102] Run MOVEit EZ Service in Foreground.lnk - c:\program files\MOVEit\MOVEitEZ.exe 
[2009-6-30 996760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3816717236-463642699-2401961290-1142\Scripts\Logon\0\0] "Script"=all.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3816717236-463642699-2401961290-1143\Scripts\Logon\0\0] "Script"=all.bat [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-11-10 18:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-11-10 18:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-01-06 19:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 23:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2004-11-03 04:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-04-11 19:03 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\NetMeeting\\conf.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MOVEit\\MOVEitEZ.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/4/2011 1:24 PM 135336] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/1/2011 12:53 PM 363344] R2 MSSQL$HPWJA;SQL Server (HPWJA);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 7:29 AM 29178224] R2 MSSQL$WHATSUP;SQL Server (WHATSUP);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 9:31 PM 29263712] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/1/2011 12:53 PM 20952] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/13/2009 8:26 AM 135664] S3 Mach3;Mach3 Pulseing Service;c:\windows\system32\Drivers\Mach3.sys --> c:\windows\system32\Drivers\Mach3.sys [?] S4 MOVEitEZ;MOVEit EZ;c:\program files\MOVEit\MOVEitEZ.exe [6/30/2009 12:37 PM 996760] --- Other Services/Drivers In Memory --- *NewlyCreated* - SSMDRV . Contents of the 'Scheduled Tasks' folder 2011-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 14:26] 2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 14:26] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.weather.com/weather/local/55792?lswe=55792&lwsa=WeatherLocalUndeclared&from=whatwhere uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.compudyne.net/ uInternet Settings,ProxyOverride = 10.73.1.212;10.73.1.34 uInternet Settings,ProxyServer = 10.72.216.51:8080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html Trusted Zone: fmwrdc.com Trusted Zone: fmwrdc.com\mwrawdir TCP: {A34F4152-B85E-4433-B70A-F68962FF91F2} = 10.72.216.130,137.192.2.4,10.73.18.253,10.72.88.254 DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {03DED275-9DA6-450E-8A34-26684B2DDC78} - hxxps://evaultdsm01.com/COM/MOVEitUploadWizard4.5.0.ocx DPF: {A00C0AFC-E004-4024-9D25-52952AC99A6A} - hxxp://10.73.1.212/NAV_nav1151/NAV1251.CAB . - - - - ORPHANS REMOVED - - - - HKLM-RunOnce-<NO NAME> - (no file) Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-02-04 16:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3816717236-463642699-2401961290-1142\
  4. DDS (Ver_10-12-12.02) - NTFSx86 Run by rpeterson at 15:42:04.79 on Fri 02/04/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1229 [GMT -6:00] AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MOVEit\MOVEitEZ.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE E:\dds.scr ============== Pseudo HJT Report =============== uStart Page = 
hxxp://www.weather.com/weather/local/55792?lswe=55792&lwsa=WeatherLocalUndeclared&from=whatwhere uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.compudyne.net/ uInternet Settings,ProxyOverride = 10.73.1.212;10.73.1.34 uInternet Settings,ProxyServer = 10.72.216.51:8080 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [Nikon Transfer Monitor] c:\program 
files\common files\nikon\monitor\NkMonitor.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mapdri~1.lnk - c:\iti\director\DIRWIN-Generic.bat StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runmov~1.lnk - c:\program files\moveit\MOVEitEZ.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL Trusted Zone: fmwrdc.com Trusted Zone: fmwrdc.com\mwrawdir DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB DPF: {03DED275-9DA6-450E-8A34-26684B2DDC78} - hxxps://evaultdsm01.com/COM/MOVEitUploadWizard4.5.0.ocx DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813 DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1173892033390 
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296591954265 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A00C0AFC-E004-4024-9D25-52952AC99A6A} - hxxp://10.73.1.212/NAV_nav1151/NAV1251.CAB DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://edge.compudyne.net/inc/kaxRemote.dll DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: {A34F4152-B85E-4433-B70A-F68962FF91F2} = 10.72.216.130,137.192.2.4,10.73.18.253,10.72.88.254 Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com Hosts: 65.207.128.140 premier.client.fiservdmdr.net Hosts: 10.73.1.236 DSMDIR04 Hosts: 10.73.1.236 DIRECTOR Hosts: 10.73.23.37 DSMDIRECTORA Note: multiple HOSTS entries found. 
Please refer to Attach.txt

============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
==================== Find3M ====================
============= FINISH: 15:43:22.25 ===============

2011/02/04 15:23:58.0062 2564 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/04 15:23:58.0406 2564 ================================================================================
2011/02/04 15:23:58.0406 2564 SystemInfo:
2011/02/04 15:23:58.0406 2564 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/04 15:23:58.0406 2564 Product type: Workstation
2011/02/04 15:23:58.0406 2564 ComputerName: WINXP-10388
2011/02/04 15:23:58.0406 2564 UserName: rpeterson
2011/02/04 15:23:58.0406 2564 Windows directory: C:\WINDOWS
2011/02/04 15:23:58.0406 2564 System windows directory: C:\WINDOWS
2011/02/04 15:23:58.0406 2564 Processor architecture: Intel x86
2011/02/04 15:23:58.0406 2564 Number of processors: 2
2011/02/04 15:23:58.0406 2564 Page size: 0x1000
2011/02/04 15:23:58.0406 2564 Boot type: Normal boot
2011/02/04 15:23:58.0406 2564 ================================================================================
2011/02/04 15:23:58.0578 2564 Initialize success
2011/02/04 15:24:04.0593 4068 ================================================================================
2011/02/04 15:24:04.0593 4068 Scan started
2011/02/04 15:24:04.0593 4068 Mode: Manual;
2011/02/04 15:24:04.0593 4068 ================================================================================
2011/02/04 15:24:15.0812 4068 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/04 15:24:15.0812 4068 ================================================================================
2011/02/04 15:24:15.0812 4068 Scan finished
2011/02/04 15:24:15.0812 4068 ================================================================================
2011/02/04 15:24:15.0828 0728 Detected object count: 1
2011/02/04 15:24:41.0625 0728 \HardDisk0 - will be cured after reboot
2011/02/04 15:24:41.0625 0728 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/04 15:25:51.0703 0776 Deinitialize success
  5. TDSSKiller.2.4.16.0_04.02.2011_15.23.58_log.txt DDS2.txt
  6. For the past two days I've been having problems with obvious spam and computer slowdown and locking. Neither MBAM nor any of my other programs have found any viruses or other issues; however, the balloon keeps popping up stating that it is blocking access to a malicious site. There are multiple sites that continually get blocked, but how do I clean the PC so the stuff stops running? I followed the instructions on topic #9573 ? and the log files are attached. What do I do next? I really could use some help. ark.zip Attach.zip DDS.zip mbam_log_2011_02_04__11_23_28_.txt protection_log_2011_02_04.txt