
I am going to try to paste the TDSSKiller report, but this computer is only letting me do this in safe mode. On a regular boot there is nothing. I ran a scan with Malwarebytes first and removed over 400 threats, but I still have no access to profiles on a regular boot-up. No installed programs are showing up on the hard drive, although there should be.

08:50:36.0140 2008 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

08:50:36.0546 2008 ============================================================

08:50:36.0546 2008 Current date / time: 2011/12/01 08:50:36.0546

08:50:36.0546 2008 SystemInfo:

08:50:36.0546 2008

08:50:36.0546 2008 OS Version: 5.1.2600 ServicePack: 3.0

08:50:36.0546 2008 Product type: Workstation

08:50:36.0546 2008 ComputerName: D2V9R3B1

08:50:36.0546 2008 UserName: Administrator

08:50:36.0546 2008 Windows directory: C:\WINDOWS

08:50:36.0562 2008 System windows directory: C:\WINDOWS

08:50:36.0562 2008 Processor architecture: Intel x86

08:50:36.0562 2008 Number of processors: 1

08:50:36.0562 2008 Page size: 0x1000

08:50:36.0562 2008 Boot type: Safe boot with network

08:50:36.0562 2008 ============================================================

08:50:37.0812 2008 Initialize success

08:50:49.0421 0344 ============================================================

08:50:49.0421 0344 Scan started

08:50:49.0421 0344 Mode: Manual;

08:50:49.0421 0344 ============================================================

08:50:50.0953 0344 3a2218be6069456d918bf19750d81532 - ok

08:50:50.0984 0344 Abiosdsk - ok

08:50:51.0031 0344 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

08:50:51.0031 0344 abp480n5 - ok

08:50:51.0093 0344 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:50:51.0093 0344 ACPI - ok

08:50:51.0140 0344 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:50:51.0140 0344 ACPIEC - ok

08:50:51.0187 0344 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

08:50:51.0187 0344 adpu160m - ok

08:50:51.0234 0344 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:50:51.0234 0344 aec - ok

08:50:51.0328 0344 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

08:50:51.0328 0344 AFD - ok

08:50:51.0390 0344 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

08:50:51.0390 0344 agp440 - ok

08:50:51.0421 0344 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

08:50:51.0421 0344 agpCPQ - ok

08:50:51.0468 0344 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

08:50:51.0468 0344 Aha154x - ok

08:50:51.0515 0344 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

08:50:51.0515 0344 aic78u2 - ok

08:50:51.0593 0344 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

08:50:51.0593 0344 aic78xx - ok

08:50:51.0671 0344 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

08:50:51.0671 0344 AliIde - ok

08:50:51.0734 0344 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

08:50:51.0734 0344 alim1541 - ok

08:50:51.0781 0344 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

08:50:51.0781 0344 amdagp - ok

08:50:51.0812 0344 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

08:50:51.0812 0344 amsint - ok

08:50:51.0859 0344 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

08:50:51.0859 0344 asc - ok

08:50:51.0890 0344 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

08:50:51.0890 0344 asc3350p - ok

08:50:51.0937 0344 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

08:50:51.0937 0344 asc3550 - ok

08:50:52.0000 0344 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys

08:50:52.0000 0344 ASCTRM - ok

08:50:52.0125 0344 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:50:52.0125 0344 AsyncMac - ok

08:50:52.0171 0344 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:50:52.0171 0344 atapi - ok

08:50:52.0203 0344 Atdisk - ok

08:50:52.0250 0344 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:50:52.0250 0344 Atmarpc - ok

08:50:52.0312 0344 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:50:52.0312 0344 audstub - ok

08:50:52.0375 0344 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

08:50:52.0390 0344 Avgfwdx - ok

08:50:52.0406 0344 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys

08:50:52.0406 0344 Avgfwfd - ok

08:50:52.0515 0344 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

08:50:52.0515 0344 AVGIDSDriver - ok

08:50:52.0578 0344 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

08:50:52.0578 0344 AVGIDSEH - ok

08:50:52.0640 0344 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

08:50:52.0640 0344 AVGIDSFilter - ok

08:50:52.0671 0344 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

08:50:52.0671 0344 AVGIDSShim - ok

08:50:52.0734 0344 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

08:50:52.0750 0344 Avgldx86 - ok

08:50:52.0812 0344 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

08:50:52.0812 0344 Avgmfx86 - ok

08:50:52.0890 0344 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

08:50:52.0890 0344 Avgrkx86 - ok

08:50:52.0953 0344 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

08:50:52.0953 0344 Avgtdix - ok

08:50:53.0015 0344 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:50:53.0015 0344 Beep - ok

08:50:53.0093 0344 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

08:50:53.0093 0344 cbidf - ok

08:50:53.0125 0344 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:50:53.0125 0344 cbidf2k - ok

08:50:53.0156 0344 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

08:50:53.0156 0344 cd20xrnt - ok

08:50:53.0218 0344 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:50:53.0218 0344 Cdaudio - ok

08:50:53.0281 0344 CDAVFS (18ddfcc4a134b5b75721558ca57636eb) C:\WINDOWS\system32\DRIVERS\CDAVFS.sys

08:50:53.0281 0344 CDAVFS - ok

08:50:53.0359 0344 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:50:53.0359 0344 Cdfs - ok

08:50:53.0406 0344 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:50:53.0406 0344 Cdrom - ok

08:50:53.0453 0344 Changer - ok

08:50:53.0531 0344 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

08:50:53.0531 0344 CmdIde - ok

08:50:53.0609 0344 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

08:50:53.0609 0344 Cpqarray - ok

08:50:53.0671 0344 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

08:50:53.0671 0344 dac2w2k - ok

08:50:53.0718 0344 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

08:50:53.0718 0344 dac960nt - ok

08:50:53.0828 0344 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:50:53.0828 0344 Disk - ok

08:50:53.0890 0344 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:50:53.0906 0344 dmboot - ok

08:50:53.0953 0344 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:50:53.0953 0344 dmio - ok

08:50:54.0000 0344 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:50:54.0000 0344 dmload - ok

08:50:54.0062 0344 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:50:54.0078 0344 DMusic - ok

08:50:54.0140 0344 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

08:50:54.0140 0344 dpti2o - ok

08:50:54.0187 0344 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:50:54.0187 0344 drmkaud - ok

08:50:54.0265 0344 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys

08:50:54.0265 0344 E100B - ok

08:50:54.0375 0344 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:50:54.0375 0344 Fastfat - ok

08:50:54.0437 0344 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:50:54.0437 0344 Fdc - ok

08:50:54.0484 0344 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:50:54.0484 0344 Fips - ok

08:50:54.0531 0344 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:50:54.0531 0344 Flpydisk - ok

08:50:54.0578 0344 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:50:54.0578 0344 FltMgr - ok

08:50:54.0625 0344 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:50:54.0625 0344 Fs_Rec - ok

08:50:54.0671 0344 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:50:54.0671 0344 Ftdisk - ok

08:50:54.0687 0344 GMSIPCI - ok

08:50:54.0750 0344 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:50:54.0750 0344 Gpc - ok

08:50:54.0843 0344 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:50:54.0859 0344 HDAudBus - ok

08:50:54.0921 0344 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:50:54.0921 0344 HidUsb - ok

08:50:54.0984 0344 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

08:50:54.0984 0344 hpn - ok

08:50:55.0031 0344 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

08:50:55.0031 0344 HSFHWBS2 - ok

08:50:55.0109 0344 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

08:50:55.0125 0344 HSF_DP - ok

08:50:55.0203 0344 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:50:55.0203 0344 HTTP - ok

08:50:55.0281 0344 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

08:50:55.0281 0344 i2omgmt - ok

08:50:55.0312 0344 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

08:50:55.0312 0344 i2omp - ok

08:50:55.0375 0344 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:50:55.0375 0344 i8042prt - ok

08:50:55.0453 0344 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

08:50:55.0468 0344 ialm - ok

08:50:55.0546 0344 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:50:55.0546 0344 Imapi - ok

08:50:55.0625 0344 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

08:50:55.0625 0344 ini910u - ok

08:50:55.0687 0344 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

08:50:55.0687 0344 IntelIde - ok

08:50:55.0734 0344 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

08:50:55.0734 0344 intelppm - ok

08:50:55.0796 0344 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:50:55.0796 0344 Ip6Fw - ok

08:50:55.0859 0344 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:50:55.0859 0344 IpFilterDriver - ok

08:50:55.0906 0344 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:50:55.0906 0344 IpInIp - ok

08:50:55.0953 0344 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:50:55.0968 0344 IpNat - ok

08:50:56.0015 0344 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:50:56.0015 0344 IPSec - ok

08:50:56.0062 0344 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:50:56.0062 0344 IRENUM - ok

08:50:56.0125 0344 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:50:56.0125 0344 isapnp - ok

08:50:56.0171 0344 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:50:56.0187 0344 Kbdclass - ok

08:50:56.0218 0344 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:50:56.0218 0344 kbdhid - ok

08:50:56.0250 0344 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:50:56.0250 0344 kmixer - ok

08:50:56.0328 0344 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:50:56.0328 0344 KSecDD - ok

08:50:56.0406 0344 lbrtfdc - ok

08:50:56.0500 0344 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

08:50:56.0500 0344 MBAMSwissArmy - ok

08:50:56.0578 0344 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

08:50:56.0578 0344 mdmxsdk - ok

08:50:56.0625 0344 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:50:56.0625 0344 mnmdd - ok

08:50:56.0703 0344 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:50:56.0703 0344 Modem - ok

08:50:56.0796 0344 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

08:50:56.0796 0344 MODEMCSA - ok

08:50:56.0828 0344 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:50:56.0828 0344 Mouclass - ok

08:50:56.0890 0344 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:50:56.0890 0344 mouhid - ok

08:50:56.0953 0344 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:50:56.0953 0344 MountMgr - ok

08:50:57.0015 0344 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

08:50:57.0015 0344 mraid35x - ok

08:50:57.0046 0344 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:50:57.0046 0344 MRxDAV - ok

08:50:57.0109 0344 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:50:57.0125 0344 MRxSmb - ok

08:50:57.0171 0344 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:50:57.0171 0344 Msfs - ok

08:50:57.0218 0344 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:50:57.0218 0344 MSKSSRV - ok

08:50:57.0296 0344 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:50:57.0296 0344 MSPCLOCK - ok

08:50:57.0359 0344 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:50:57.0359 0344 MSPQM - ok

08:50:57.0406 0344 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:50:57.0406 0344 mssmbios - ok

08:50:57.0468 0344 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

08:50:57.0468 0344 Mup - ok

08:50:57.0546 0344 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:50:57.0546 0344 NDIS - ok

08:50:57.0609 0344 NDISRD (1a18f436e4855572260580f4d42c69e8) C:\WINDOWS\system32\drivers\NDISRD.sys

08:50:57.0609 0344 NDISRD - ok

08:50:57.0671 0344 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:50:57.0671 0344 NdisTapi - ok

08:50:57.0750 0344 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:50:57.0750 0344 Ndisuio - ok

08:50:57.0796 0344 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:50:57.0796 0344 NdisWan - ok

08:50:57.0859 0344 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:50:57.0859 0344 NDProxy - ok

08:50:57.0906 0344 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:50:57.0906 0344 NetBIOS - ok

08:50:57.0953 0344 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:50:57.0953 0344 NetBT - ok

08:50:58.0062 0344 NetWorkX (9446d03271baf3496bbd2957d2732fd2) C:\WINDOWS\System32\ckldrv.sys

08:50:58.0062 0344 NetWorkX - ok

08:50:58.0156 0344 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:50:58.0156 0344 Npfs - ok

08:50:58.0171 0344 NTACCESS - ok

08:50:58.0218 0344 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:50:58.0234 0344 Ntfs - ok

08:50:58.0296 0344 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:50:58.0296 0344 Null - ok

08:50:58.0390 0344 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:50:58.0437 0344 nv - ok

08:50:58.0468 0344 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:50:58.0468 0344 NwlnkFlt - ok

08:50:58.0515 0344 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:50:58.0515 0344 NwlnkFwd - ok

08:50:58.0578 0344 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

08:50:58.0578 0344 NwlnkIpx - ok

08:50:58.0640 0344 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

08:50:58.0656 0344 NwlnkNb - ok

08:50:58.0687 0344 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

08:50:58.0687 0344 NwlnkSpx - ok

08:50:58.0734 0344 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:50:58.0750 0344 Parport - ok

08:50:58.0796 0344 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:50:58.0796 0344 PartMgr - ok

08:50:58.0843 0344 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:50:58.0843 0344 ParVdm - ok

08:50:58.0906 0344 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:50:58.0906 0344 PCI - ok

08:50:58.0937 0344 PCIDump - ok

08:50:58.0968 0344 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:50:58.0968 0344 PCIIde - ok

08:50:59.0000 0344 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:50:59.0000 0344 Pcmcia - ok

08:50:59.0031 0344 PDCOMP - ok

08:50:59.0062 0344 PDFRAME - ok

08:50:59.0093 0344 PDRELI - ok

08:50:59.0140 0344 PDRFRAME - ok

08:50:59.0171 0344 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

08:50:59.0171 0344 perc2 - ok

08:50:59.0203 0344 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

08:50:59.0203 0344 perc2hib - ok

08:50:59.0312 0344 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:50:59.0312 0344 PptpMiniport - ok

08:50:59.0390 0344 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:50:59.0390 0344 PSched - ok

08:50:59.0421 0344 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:50:59.0421 0344 Ptilink - ok

08:50:59.0468 0344 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:50:59.0484 0344 PxHelp20 - ok

08:50:59.0531 0344 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

08:50:59.0531 0344 ql1080 - ok

08:50:59.0562 0344 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

08:50:59.0562 0344 Ql10wnt - ok

08:50:59.0593 0344 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

08:50:59.0593 0344 ql12160 - ok

08:50:59.0625 0344 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

08:50:59.0625 0344 ql1240 - ok

08:50:59.0671 0344 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

08:50:59.0671 0344 ql1280 - ok

08:50:59.0718 0344 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:50:59.0734 0344 RasAcd - ok

08:50:59.0796 0344 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:50:59.0796 0344 Rasl2tp - ok

08:50:59.0875 0344 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:50:59.0875 0344 RasPppoe - ok

08:50:59.0937 0344 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:50:59.0937 0344 Raspti - ok

08:50:59.0984 0344 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:50:59.0984 0344 Rdbss - ok

08:51:00.0031 0344 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:51:00.0031 0344 RDPCDD - ok

08:51:00.0093 0344 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:51:00.0093 0344 rdpdr - ok

08:51:00.0171 0344 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

08:51:00.0171 0344 RDPWD - ok

08:51:00.0250 0344 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:51:00.0265 0344 redbook - ok

08:51:00.0406 0344 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:51:00.0406 0344 Secdrv - ok

08:51:00.0500 0344 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:51:00.0500 0344 serenum - ok

08:51:00.0546 0344 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:51:00.0546 0344 Serial - ok

08:51:00.0562 0344 SetupNTGLM7X - ok

08:51:00.0640 0344 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:51:00.0640 0344 Sfloppy - ok

08:51:00.0703 0344 Simbad - ok

08:51:00.0750 0344 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

08:51:00.0750 0344 sisagp - ok

08:51:00.0828 0344 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

08:51:00.0828 0344 Sparrow - ok

08:51:00.0890 0344 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:51:00.0890 0344 splitter - ok

08:51:00.0953 0344 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:51:00.0953 0344 sr - ok

08:51:01.0046 0344 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:51:01.0046 0344 Srv - ok

08:51:01.0125 0344 SSKBFD (9e712f2c395db5316dafef73d2dd9a10) C:\WINDOWS\system32\Drivers\sskbfd.sys

08:51:01.0125 0344 SSKBFD - ok

08:51:01.0203 0344 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys

08:51:01.0218 0344 STHDA - ok

08:51:01.0281 0344 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

08:51:01.0281 0344 StillCam - ok

08:51:01.0343 0344 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:51:01.0343 0344 swenum - ok

08:51:01.0390 0344 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:51:01.0390 0344 swmidi - ok

08:51:01.0468 0344 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

08:51:01.0484 0344 symc810 - ok

08:51:01.0515 0344 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

08:51:01.0515 0344 symc8xx - ok

08:51:01.0546 0344 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

08:51:01.0546 0344 sym_hi - ok

08:51:01.0578 0344 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

08:51:01.0578 0344 sym_u3 - ok

08:51:01.0625 0344 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:51:01.0625 0344 sysaudio - ok

08:51:01.0703 0344 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:51:01.0734 0344 Tcpip - ok

08:51:01.0812 0344 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:51:01.0812 0344 TDPIPE - ok

08:51:01.0890 0344 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:51:01.0890 0344 TDTCP - ok

08:51:01.0937 0344 TermDD (dd02d84bfcecc43f98187b18484b7379) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:51:01.0937 0344 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: dd02d84bfcecc43f98187b18484b7379, Fake md5: 6568d7bf6fdb5b64d89ed7d1aca2bae9

08:51:01.0937 0344 TermDD ( ForgedFile.Multi.Generic ) - warning

08:51:01.0937 0344 TermDD - detected ForgedFile.Multi.Generic (1)

08:51:02.0015 0344 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

08:51:02.0015 0344 TosIde - ok

08:51:02.0078 0344 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:51:02.0078 0344 Udfs - ok

08:51:02.0125 0344 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

08:51:02.0125 0344 ultra - ok

08:51:02.0171 0344 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:51:02.0171 0344 Update - ok

08:51:02.0296 0344 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:51:02.0296 0344 usbccgp - ok

08:51:02.0359 0344 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:51:02.0359 0344 usbehci - ok

08:51:02.0390 0344 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:51:02.0406 0344 usbhub - ok

08:51:02.0437 0344 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:51:02.0437 0344 usbprint - ok

08:51:02.0468 0344 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:51:02.0468 0344 usbscan - ok

08:51:02.0515 0344 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:51:02.0531 0344 USBSTOR - ok

08:51:02.0562 0344 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

08:51:02.0562 0344 usbuhci - ok

08:51:02.0609 0344 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:51:02.0609 0344 VgaSave - ok

08:51:02.0671 0344 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

08:51:02.0671 0344 viaagp - ok

08:51:02.0718 0344 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

08:51:02.0718 0344 ViaIde - ok

08:51:02.0781 0344 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:51:02.0796 0344 VolSnap - ok

08:51:02.0875 0344 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:51:02.0875 0344 Wanarp - ok

08:51:02.0906 0344 wanatw - ok

08:51:02.0937 0344 WDICA - ok

08:51:02.0984 0344 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:51:02.0984 0344 wdmaud - ok

08:51:03.0046 0344 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

08:51:03.0062 0344 winachsf - ok

08:51:03.0218 0344 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

08:51:03.0218 0344 WpdUsb - ok

08:51:03.0296 0344 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

08:51:03.0296 0344 WS2IFSL - ok

08:51:03.0390 0344 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:51:03.0390 0344 WudfPf - ok

08:51:03.0437 0344 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:51:03.0437 0344 WudfRd - ok

08:51:03.0531 0344 MBR (0x1B8) (f51c82bcb7c56a0ed52f3e32d2d53ec2) \Device\Harddisk0\DR0

08:51:03.0531 0344 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected

08:51:03.0531 0344 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)

08:51:03.0546 0344 Boot (0x1200) (39e835b50007b188daac43d3cb69aa77) \Device\Harddisk0\DR0\Partition0

08:51:03.0546 0344 \Device\Harddisk0\DR0\Partition0 - ok

08:51:03.0593 0344 Boot (0x1200) (076d96827a3f5fe3f94bce8384f0fb9b) \Device\Harddisk0\DR0\Partition1

08:51:03.0593 0344 \Device\Harddisk0\DR0\Partition1 - ok

08:51:03.0609 0344 ============================================================

08:51:03.0609 0344 Scan finished

08:51:03.0609 0344 ============================================================

08:51:03.0640 1648 Detected object count: 2

08:51:03.0640 1648 Actual detected object count: 2

08:51:28.0187 1648 C:\WINDOWS\system32\DRIVERS\termdd.sys - copied to quarantine

08:51:28.0187 1648 TermDD ( ForgedFile.Multi.Generic ) - User select action: Quarantine

08:51:28.0234 1648 \Device\Harddisk0\DR0 - processing error

08:51:47.0937 1648 \Device\Harddisk0\DR0 - will be restored on reboot

08:51:47.0937 1648 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore

08:51:58.0250 1188 Deinitialize success

Any help would be appreciated.


OK, I am going to show you the HijackThis log; maybe this info will help.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:38:01 PM, on 12/1/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: CyberDefender-TB Toolbar - {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - C:\Program Files\CyberDefender-TB\prxtbCybe.dll

O1 - Hosts: 94.247.2.216 www.google.com

O1 - Hosts: 94.247.2.216 search.yahoo.com

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\david brasket\Local Settings\Application Data\CyberDefender\cdmyidd.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: CyberDefender-TB - {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - C:\Program Files\CyberDefender-TB\prxtbCybe.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\david brasket\Local Settings\Application Data\CyberDefender\cdmyidd.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O3 - Toolbar: StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll

O3 - Toolbar: CyberDefender-TB Toolbar - {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - C:\Program Files\CyberDefender-TB\prxtbCybe.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Rgemes] rundll32.exe "C:\WINDOWS\awomipusovomado.dll",Startup

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [LexPPS.exe] C:\WINDOWS\system32\lexpps.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe -rem

O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\_cdas14.exe" /minimize

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex

O4 - HKLM\..\Policies\Explorer\Run: []

O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://myvpn.utmb.edu/dana-cached/sc/JuniperSetupClient.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CyberDefender Launcher (CDLauncher) - CyberDefender Corp. - C:\Program Files\CyberDefender\AntiSpyware\CDLauncherWS.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: CrypKey License - CrypKey (Canada) Ltd. - C:\WINDOWS\system32\crypserv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

This is a friend's computer that I am trying to repair, but I have never seen one that I could only access the desktop in safe mode and logged on as administrator. If I log on with the other user accounts there is nothing showing in either the C or D drive. D drive is apparently their backup drive. There is also a warning message stating that the D drive is low on space and needs to be cleaned out. But when I try to access it there is nothing coming up. Any ideas would be great.


And here are the latest scan results from Malwarebytes.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8288

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

12/1/2011 6:28:58 PM

mbam-log-2011-12-01 (18-28-58).txt

Scan type: Quick scan

Objects scanned: 210775

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • Staff

Hi and welcome to Malwarebytes.

Bumping your topic makes it seem like you are already being helped, and as you've noticed, you were overlooked because of it.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8302

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

12/3/2011 8:07:28 PM

mbam-log-2011-12-03 (20-07-28).txt

Scan type: Quick scan

Objects scanned: 210747

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702

Run by Administrator at 20:09:22 on 2011-12-03

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.282 [GMT -6:00]

.

AV: CyberDefender Internet Security *Enabled/Updated* {7EBA18CB-8286-47B2-AB0D-A53FCE2405A4}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=17

uSearch Page = hxxp://www.google.com/hws/sb/dell-inc-rel/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc-rel/en/side.html?channel=us

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uURLSearchHooks: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\david brasket\local settings\application data\cyberdefender\cdmyidd.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\david brasket\local settings\application data\cyberdefender\cdmyidd.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCybe.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar6.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [LexPPS.exe] c:\windows\system32\lexpps.exe

dRunOnce: [<NO NAME>]

mExplorerRun: [<NO NAME>] 1 (0x1)

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://myvpn.utmb.edu/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

TCP: Interfaces\{590F773E-FD52-4D9A-A562-10170849CB17} : DhcpNameServer = 209.55.5.10 209.55.5.11

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, IcyuqzivVomd.dll

Hosts: 94.247.2.216 www.google.com

Hosts: 94.247.2.216 search.yahoo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S0 3a2218be6069456d918bf19750d81532;3a2218be6069456d918bf19750d81532;c:\windows\system32\3a2218be6069456d918bf19750d81532.sys --> c:\windows\system32\3a2218be6069456d918bf19750d81532.sys [?]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

S2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2398512]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S2 CDLauncher;CyberDefender Launcher;c:\program files\cyberdefender\antispyware\CDLauncherWS.exe [2011-11-23 181760]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-17 94880]

S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-9 246600]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

S3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2011-11-23 96200]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

.

=============== Created Last 30 ================

.

2011-12-02 01:25:18 -------- d-----w- c:\program files\CCleaner

2011-12-01 14:51:28 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-30 01:53:22 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-11-30 01:53:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-30 01:53:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-30 01:53:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-30 01:43:03 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-11-23 14:54:54 -------- d--h--w- c:\documents and settings\administrator\application data\Sammsoft

2011-11-23 14:54:45 -------- d-----w- c:\program files\ARO 2011

2011-11-23 13:43:28 -------- d--h--w- c:\program files\Conduit

2011-11-23 13:43:27 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\CyberDefender-TB

2011-11-23 13:43:26 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Temp

2011-11-23 13:43:26 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Conduit

2011-11-23 13:43:24 -------- d--h--w- c:\program files\CyberDefender-TB

2011-11-23 13:40:11 96200 ---ha-w- c:\windows\system32\drivers\CDAVFS.sys

2011-11-23 13:40:07 -------- d--h--w- c:\program files\CyberDefender

2011-11-23 13:30:57 -------- d--h--w- c:\program files\StartNow Toolbar

2011-11-23 13:30:45 -------- d--h--w- c:\program files\YTDSETUP

2011-11-23 13:30:41 -------- d--h--w- c:\documents and settings\administrator\application data\Systweak

2011-11-23 13:30:36 17280 ---ha-w- c:\windows\system32\roboot.exe

2011-11-23 13:30:34 -------- d--h--w- c:\program files\RegClean Pro

2011-11-22 01:43:12 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache

2011-11-21 23:26:00 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2011-11-19 13:44:48 13824 ---ha-w- c:\windows\system32\IcyuqzivVomd.dll

2011-11-10 01:22:54 -------- d--h--w- c:\windows\system32\cache

.

==================== Find3M ====================

.

2011-11-06 15:33:20 56 -csh--r- c:\windows\system32\7E64D9B22B.sys

2011-11-06 15:33:20 4184 -csha-w- c:\windows\system32\KGyGaAvL.sys

2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll

2011-10-07 11:23:48 230608 ---ha-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21:42 16720 ---ha-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ---ha-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41:20 611328 ---h--w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ---ha-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ---ha-w- c:\windows\system32\oleaccrc.dll

2011-09-13 11:30:10 32592 ---ha-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 13:20:51 1858944 ---ha-w- c:\windows\system32\win32k.sys

.

============= FINISH: 20:09:57.25 ===============


Well, some good news already. At least I am able to log onto my friend's profile on a regular startup, not safe mode. Here is the ComboFix log.

ComboFix 11-12-09.04 - Administrator 12/09/2011 22:28:51.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.347 [GMT -6:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\david brasket\Local Settings\Application Data\{F59CBED4-DD02-41D7-A77C-A8C7368E10A1}

c:\documents and settings\david brasket\Local Settings\Application Data\{F59CBED4-DD02-41D7-A77C-A8C7368E10A1}\chrome.manifest

c:\documents and settings\david brasket\Local Settings\Application Data\{F59CBED4-DD02-41D7-A77C-A8C7368E10A1}\chrome\content\_cfg.js

c:\documents and settings\david brasket\Local Settings\Application Data\{F59CBED4-DD02-41D7-A77C-A8C7368E10A1}\chrome\content\overlay.xul

c:\documents and settings\david brasket\Local Settings\Application Data\{F59CBED4-DD02-41D7-A77C-A8C7368E10A1}\install.rdf

c:\documents and settings\david brasket\Start Menu\Programs\System Fix

c:\documents and settings\david brasket\Start Menu\Programs\System Fix\System Fix.lnk

c:\documents and settings\david brasket\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

c:\documents and settings\jodie Casteel.D2V9R3B1\Start Menu\Programs\System Fix

c:\documents and settings\jodie Casteel.D2V9R3B1\Start Menu\Programs\System Fix\System Fix.lnk

c:\documents and settings\jodie Casteel.D2V9R3B1\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

c:\documents and settings\jodie casteel\WINDOWS

c:\program files\Common Files\Uninstall

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\protect\index.html

c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files\StartNow Toolbar\Resources\protect\window.css

c:\program files\StartNow Toolbar\Resources\protect\window.js

c:\program files\StartNow Toolbar\Resources\reactivate\index.html

c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.css

c:\program files\StartNow Toolbar\Resources\reactivate\window.js

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files\StartNow Toolbar\Toolbar32.dll

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files\StartNow Toolbar\uninstall.dat

c:\windows\Downloaded Program Files\f3initialsetup1.2.5.7.inf

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\f6918700d985da27.fb

c:\windows\system32\ndisapi.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))

.

.

2011-12-02 01:25 . 2011-12-02 01:25 -------- d-----w- c:\program files\CCleaner

2011-12-01 14:51 . 2011-12-01 14:51 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-30 01:53 . 2011-11-30 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-11-30 01:53 . 2011-11-30 01:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-30 01:53 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-30 01:43 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-11-23 15:32 . 2011-12-04 02:40 -------- d-----w- c:\documents and settings\jodie Casteel.D2V9R3B1

2011-11-23 14:54 . 2011-11-23 15:55 -------- d-----w- c:\program files\ARO 2011

2011-11-23 13:43 . 2011-11-23 13:43 -------- d--h--w- c:\program files\Conduit

2011-11-23 13:43 . 2011-11-23 14:24 -------- d--h--w- c:\program files\CyberDefender-TB

2011-11-23 13:40 . 2011-11-23 13:39 96200 ---ha-w- c:\windows\system32\drivers\CDAVFS.sys

2011-11-23 13:40 . 2011-12-10 04:21 -------- d--h--w- c:\program files\CyberDefender

2011-11-23 13:30 . 2011-11-30 02:39 -------- d--h--w- c:\program files\YTDSETUP

2011-11-23 13:30 . 2011-09-30 21:37 17280 ---ha-w- c:\windows\system32\roboot.exe

2011-11-23 13:30 . 2011-11-23 13:30 -------- d--h--w- c:\program files\RegClean Pro

2011-11-21 23:25 . 2011-12-05 10:44 -------- d--h--w- c:\documents and settings\Administrator

2011-11-19 13:44 . 2011-11-19 13:44 13824 ---ha-w- c:\windows\system32\IcyuqzivVomd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-10 14:22 . 2004-08-10 18:02 692736 ---ha-w- c:\windows\system32\inetcomm.dll

2011-10-07 11:23 . 2010-09-07 09:48 230608 ---ha-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21 . 2010-08-20 02:42 16720 ---ha-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2004-08-10 17:50 599040 ---ha-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2011-09-26 16:41 611328 ---h--w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-10 17:51 220160 ---ha-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-10 17:51 20480 ---ha-w- c:\windows\system32\oleaccrc.dll

2011-09-13 11:30 . 2010-09-07 09:48 32592 ---ha-w- c:\windows\system32\drivers\avgrkx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]

2010-07-25 17:48 3958088 ---ha-w- c:\documents and settings\david brasket\Local Settings\Application Data\CyberDefender\cdmyidd.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-08-24 02:20 1515688 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}]

2011-05-09 08:49 176936 ---ha-w- c:\program files\CyberDefender-TB\prxtbCybe.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\documents and settings\david brasket\Local Settings\Application Data\CyberDefender\cdmyidd.dll" [2010-07-25 3958088]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]

"{ffb11c0c-da90-4969-a995-8dca2e0fc10a}"= "c:\program files\CyberDefender-TB\prxtbCybe.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]

[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]

[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]

"{FFB11C0C-DA90-4969-A995-8DCA2E0FC10A}"= "c:\program files\CyberDefender-TB\prxtbCybe.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{ffb11c0c-da90-4969-a995-8dca2e0fc10a}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-09 218440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"<NO NAME>"="1 (0x1)" [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.sys

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, IcyuqzivVomd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 22:10 35696 ---ha-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

2011-08-24 02:20 887976 ---ha-w- c:\program files\Ask.com\Updater\Updater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]

2011-04-10 23:03 235168 ---ha-w- c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 15:44 249856 -c-ha-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 15:44 81920 ---ha-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]

2003-02-17 22:00 174592 ---ha-w- c:\windows\system32\LEXPPS.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

2005-09-09 00:20 110592 -c-ha-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-09-01 20:57 282624 ---ha-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 10:20 PM 295248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [4/17/2011 7:29 PM 94880]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/9/2011 8:14 AM 246600]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 12:03 AM 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]

S0 3a2218be6069456d918bf19750d81532;3a2218be6069456d918bf19750d81532;c:\windows\system32\3a2218be6069456d918bf19750d81532.sys --> c:\windows\system32\3a2218be6069456d918bf19750d81532.sys [?]

S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [10/24/2011 7:29 PM 2398512]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/23/2011 12:03 AM 30944]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - NDISRD

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-23 c:\windows\Tasks\ARO 2011.job

- c:\program files\ARO 2011\ARO.exe [2011-11-23 16:40]

.

2011-08-30 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]

.

2011-12-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]

.

2011-12-10 c:\windows\Tasks\User_Feed_Synchronization-{4B6226F8-AEBA-4D31-B85A-4ADF254F6942}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

2011-11-20 c:\windows\Tasks\Windows Update.job

- c:\windows\system32\wupdmgr.exe [2004-08-10 10:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

SafeBoot-90362683.sys

MSConfigStartUp-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\_cdas14.exe

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-09 22:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(972)

c:\program files\Bonjour\mdnsNSP.dll

.

- - - - - - - > 'explorer.exe'(3084)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\LEXBCES.EXE

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\crypserv.exe

c:\windows\system32\fxssvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-12-09 22:48:10 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-10 04:48

.

Pre-Run: 46,790,045,696 bytes free

Post-Run: 46,166,040,576 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - CFF145FE8B43A2B5C23F694A15D47D03


And the new DDS scan

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by jodie Casteel at 13:50:04 on 2011-12-10

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.54 [GMT -6:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG2012\avgscanx.exe

C:\Program Files\AVG\AVG2012\avgmfapx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc-rel&channel=us

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\david brasket\local settings\application data\cyberdefender\cdmyidd.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCyb0.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\david brasket\local settings\application data\cyberdefender\cdmyidd.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: CyberDefender-TB Toolbar: {ffb11c0c-da90-4969-a995-8dca2e0fc10a} - c:\program files\cyberdefender-tb\prxtbCyb0.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar6.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mExplorerRun: [<NO NAME>] 1 (0x1)

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://myvpn.utmb.edu/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 209.55.5.10 209.55.5.11

TCP: Interfaces\{590F773E-FD52-4D9A-A562-10170849CB17} : DhcpNameServer = 209.55.5.10 209.55.5.11

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, IcyuqzivVomd.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2398512]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-4-17 94880]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-9 246600]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]

S0 3a2218be6069456d918bf19750d81532;3a2218be6069456d918bf19750d81532;c:\windows\system32\3a2218be6069456d918bf19750d81532.sys --> c:\windows\system32\3a2218be6069456d918bf19750d81532.sys [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

.

=============== Created Last 30 ================

.

2011-12-10 04:26:29 -------- d-sha-r- C:\cmdcons

2011-12-10 04:23:15 98816 ----a-w- c:\windows\sed.exe

2011-12-10 04:23:15 518144 ----a-w- c:\windows\SWREG.exe

2011-12-10 04:23:15 256000 ----a-w- c:\windows\PEV.exe

2011-12-10 04:23:15 208896 ----a-w- c:\windows\MBR.exe

2011-12-10 04:11:16 -------- d-----w- c:\windows\pss

2011-12-02 01:25:18 -------- d-----w- c:\program files\CCleaner

2011-12-01 14:51:28 -------- d-----w- C:\TDSSKiller_Quarantine

2011-11-30 02:09:34 -------- d-----w- c:\documents and settings\jodie casteel.d2v9r3b1\application data\Malwarebytes

2011-11-30 01:53:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-11-30 01:53:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-30 01:53:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-30 01:43:03 21504 ----a-w- c:\windows\system32\hidserv.dll

2011-11-23 15:37:16 -------- d-----w- c:\documents and settings\jodie casteel.d2v9r3b1\local settings\application data\Conduit

2011-11-23 15:37:09 -------- d-sh--w- c:\documents and settings\jodie casteel.d2v9r3b1\PrivacIE

2011-11-23 15:37:09 -------- d-----w- c:\documents and settings\jodie casteel.d2v9r3b1\local settings\application data\AskToolbar

2011-11-23 15:37:05 -------- d-----w- c:\documents and settings\jodie casteel.d2v9r3b1\local settings\application data\CyberDefender-TB

2011-11-23 15:36:58 -------- d-----w- c:\documents and settings\jodie casteel.d2v9r3b1\application data\Sammsoft

2011-11-23 15:36:46 -------- d-----w- c:\documents and settings\jodie casteel.d2v9r3b1\application data\AVG2012

2011-11-23 15:34:27 -------- d-sh--w- c:\documents and settings\jodie casteel.d2v9r3b1\IETldCache

2011-11-23 14:54:45 -------- d-----w- c:\program files\ARO 2011

2011-11-23 13:43:28 -------- d-----w- c:\program files\Conduit

2011-11-23 13:43:24 -------- d-----w- c:\program files\CyberDefender-TB

2011-11-23 13:40:11 96200 ----a-w- c:\windows\system32\drivers\CDAVFS.sys

2011-11-23 13:40:07 -------- d-----w- c:\program files\CyberDefender

2011-11-23 13:30:45 -------- d-----w- c:\program files\YTDSETUP

2011-11-23 13:30:36 17280 ----a-w- c:\windows\system32\roboot.exe

2011-11-23 13:30:34 -------- d-----w- c:\program files\RegClean Pro

.

==================== Find3M ====================

.

2011-12-10 06:22:33 56 -csh--r- c:\windows\system32\7E64D9B22B.sys

2011-12-10 06:22:33 4184 -csha-w- c:\windows\system32\KGyGaAvL.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.

============= FINISH: 13:53:46.15 ===============
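Both logs above carry two entries an analyst would check before anything else: the LSA `SecurityProviders` value lists a fifth DLL (`IcyuqzivVomd.dll`) beyond the four that ship with Windows XP, and there is a stopped boot-start driver (`S0`) whose service name is 32 hex digits and whose image file the tools could not find (`[?]`). Every DLL in `SecurityProviders` is loaded into `lsass.exe` at boot, so an unrecognised entry there is a persistence point, and a boot-start driver that has lost its file usually means the binary was removed (here, by TDSSKiller or Malwarebytes) while the registry entry stayed behind. The script below is an added example for this thread, not part of ComboFix, DDS or any other tool named in it; it triages a ComboFix/DDS-style log for exactly those two patterns. The regexes assume the line shapes visible in the posted logs, the default provider list is the XP SP3 one (it must be replaced for other Windows versions), and the sample log is constructed from lines modeled on the ones above.

```python
"""Triage a ComboFix/DDS-style log for non-default LSA SecurityProviders and for
kernel driver entries that look orphaned or oddly named.
Added example for this thread; not code from ComboFix or DDS."""
import re

# Default value of HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders on
# Windows XP SP3. Everything listed there is loaded into lsass.exe at boot, so
# any extra DLL deserves a look. Other Windows versions use a different default.
XP_DEFAULT_SECURITY_PROVIDERS = frozenset(
    {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}
)

# ComboFix prints "SecurityProviders a.dll, b.dll"; DDS prints "SecurityProviders: a.dll, b.dll".
SECPROV_RE = re.compile(r"^SecurityProviders:?\s+(?P<dlls>.+)$")
# "R0 name;display;path [date size]"  (R = running, S = stopped; digit = start type,
# 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# A service named by nothing but 32 hex digits is not how vendors name drivers.
HEX32_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample modeled on the ComboFix and DDS lines in this thread (not the full log).
SAMPLE_LOG = r"""
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, IcyuqzivVomd.dll
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
S0 3a2218be6069456d918bf19750d81532;3a2218be6069456d918bf19750d81532;c:\windows\system32\3a2218be6069456d918bf19750d81532.sys --> c:\windows\system32\3a2218be6069456d918bf19750d81532.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
"""


def unexpected_security_providers(line, defaults=XP_DEFAULT_SECURITY_PROVIDERS):
    """Return the DLLs in a SecurityProviders line that are not in the default set,
    or None if the line is not a SecurityProviders line at all."""
    m = SECPROV_RE.match(line.strip())
    if not m:
        return None
    dlls = [d.strip() for d in m.group("dlls").split(",") if d.strip()]
    return [d for d in dlls if d.lower() not in defaults]


def service_findings(line):
    """Return the reasons a service/driver line deserves a second look
    (empty list if it looks ordinary, None if the line is not a service line)."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    name, rest, start = m.group("name"), m.group("rest").rstrip(), m.group("start")
    if rest.endswith("[?]"):
        # The tools print "[?]" when they cannot stat the image: the registry
        # entry survives but the binary is gone (or hidden from the tool).
        reasons.append("image file missing or unreadable")
        if start == "0":
            reasons.append("boot-start driver (start type 0) with no file")
    if HEX32_RE.match(name):
        reasons.append("hash-like 32-hex-digit service name")
    if "-->" in rest:
        # "registry path --> resolved path" is printed when the two differ,
        # e.g. an NT object path (\??\) or removable media. Assumes Windows on C:.
        src = rest.split("-->", 1)[0].strip()
        if src.lower().startswith("\\??\\") or re.match(r"^[d-z]:\\", src, re.I):
            reasons.append("driver image on non-system drive or NT object path: %s" % src)
    return reasons


def scan_log(text):
    """Walk a whole log and collect findings keyed by the offending line."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        extra = unexpected_security_providers(line)
        if extra:
            findings[line] = ["non-default SecurityProviders DLL(s): %s" % ", ".join(extra)]
            continue
        reasons = service_findings(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG).items():
        print(line[:72])
        for r in reasons:
            print("   -", r)
```

The script only says which lines are worth a human's time; it does not decide that a flagged DLL is malicious, and a clean AVG driver line such as the `R0 AVGIDSEH` entry produces no finding. For a flagged `SecurityProviders` DLL the next steps are to locate the file on disk, check whether it is signed, and remove the value from the registry only after the file has been dealt with, since LSA will try to load it again at the next boot.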
