
Hello David and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log

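The TDSSKiller log the reply above asks for has a regular shape: a scan phase that logs "name (md5) path" followed by a verdict line ("warning" for the unsigned-driver heuristic, "infected" for a signature hit), then an actions phase that records what the user chose for each flagged object. The following Python is an added example for triaging such a log; it is not part of this thread or of Kaspersky's tool. The sample lines are constructed in TDSSKiller's format, modelled on the log posted further down, and the policy in `needs_follow_up()` is an assumption that mirrors the reply's guidance (Cure if offered, Skip otherwise, never Delete unless told).

```python
"""Triage a TDSSKiller log: collect every object the scanner flagged, attach the
hash/path line that precedes the verdict, and record the action the user chose.

Added example; not part of the thread or of TDSSKiller itself. SAMPLE_LOG is
constructed in TDSSKiller's log format, and the policy in needs_follow_up() is
an assumption based on the helper's guidance, not a documented tool behaviour."""
import re
from dataclasses import dataclass
from typing import Optional

# Every log line starts with "HH:MM:SS.mmmm <thread-id> "; the rest is the message.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
# "<object> (<md5>) <path>" is logged for each file or boot sector examined.
_HASH = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <signature> ) - warning|infected"
_VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<sig>.+?) \) - (?P<verdict>warning|infected)$")
# "<object> ( <signature> ) - User select action: Skip|Cure|Delete|..."
_ACTION = re.compile(r"^(?P<name>.+?) \( (?P<sig>.+?) \) - User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    name: str                     # service name, or device path for boot-sector hits
    signature: str                # e.g. UnsignedFile.Multi.Generic, Virus.Win32.ZAccess.c
    verdict: str                  # "warning" (heuristic) or "infected" (signature match)
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None  # filled in from the actions phase, if present


def parse_tdsskiller_log(text: str) -> list[Detection]:
    by_name: dict[str, tuple[str, str]] = {}   # hash lines keyed by object name...
    by_path: dict[str, tuple[str, str]] = {}   # ...and by path (MBR verdicts use the device path)
    found: dict[str, Detection] = {}
    for raw in text.splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        if h := _HASH.match(rest):
            by_name[h.group("name")] = by_path[h.group("path")] = (h.group("md5"), h.group("path"))
        elif v := _VERDICT.match(rest):
            name = v.group("name")
            md5, path = by_name.get(name) or by_path.get(name) or (None, None)
            found[name] = Detection(name, v.group("sig"), v.group("verdict"), md5, path)
        elif (a := _ACTION.match(rest)) and a.group("name") in found:
            found[a.group("name")].action = a.group("action")
    return list(found.values())


def summarize(detections: list[Detection]) -> dict[str, list[str]]:
    """Names grouped by verdict, so signature hits stand out from unsigned-driver warnings."""
    out: dict[str, list[str]] = {"infected": [], "warning": []}
    for d in detections:
        out.setdefault(d.verdict, []).append(d.name)
    return out


def needs_follow_up(detections: list[Detection]) -> list[Detection]:
    """Assumed triage policy mirroring the reply: a signature hit that was not cured,
    anything the user chose to Delete, and a flagged TDSS file system (the rootkit's
    hidden storage on the disk) whatever action was taken on it."""
    return [
        d for d in detections
        if (d.verdict == "infected" and d.action != "Cure")
        or d.action == "Delete"
        or d.signature == "TDSS File System"
    ]


# Constructed sample in TDSSKiller's log format (a few lines only, not a full scan).
SAMPLE_LOG = """\
17:04:33.0203 2636 ANIO (920298c7aef97d8168d219d35975d295) C:\\WINDOWS\\system32\\ANIO.SYS
17:04:33.0265 2636 ANIO ( UnsignedFile.Multi.Generic ) - warning
17:04:33.0265 2636 ANIO - detected UnsignedFile.Multi.Generic (1)
17:04:50.0500 2636 IPSec (19dd19fb992d6bf67811913b6feae577) C:\\WINDOWS\\system32\\DRIVERS\\ipsec.sys
17:04:50.0546 2636 IPSec ( Virus.Win32.ZAccess.c ) - infected
17:04:50.0546 2636 IPSec - detected Virus.Win32.ZAccess.c (0)
17:07:52.0203 2636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
17:07:52.0515 2636 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
17:07:52.0515 2636 \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
17:07:52.0640 2512 Detected object count: 3
17:08:01.0859 2512 ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:06.0468 2512 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
17:08:06.0468 2512 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    dets = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(dets))
    for d in needs_follow_up(dets):
        print(f"follow up: {d.name} [{d.signature}] action={d.action} md5={d.md5}")
```

Point it at the real file (`C:\TDSSKiller.<version>_<date>_<time>_log.txt`) instead of `SAMPLE_LOG` and the follow-up list is what a helper would read first: on the sample it is only the disk device flagged as a TDSS file system, because the infected driver was cured and the unsigned-driver warnings were merely skipped.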

17:04:02.0343 3140 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:04:02.0359 3140 ============================================================
17:04:02.0359 3140 Current date / time: 2012/02/12 17:04:02.0359
17:04:02.0359 3140 SystemInfo:
17:04:02.0359 3140
17:04:02.0359 3140 OS Version: 5.1.2600 ServicePack: 3.0
17:04:02.0359 3140 Product type: Workstation
17:04:02.0359 3140 ComputerName: PAGGY-DESKTOP
17:04:02.0359 3140 UserName: David
17:04:02.0359 3140 Windows directory: C:\WINDOWS
17:04:02.0359 3140 System windows directory: C:\WINDOWS
17:04:02.0359 3140 Processor architecture: Intel x86
17:04:02.0359 3140 Number of processors: 2
17:04:02.0359 3140 Page size: 0x1000
17:04:02.0359 3140 Boot type: Normal boot
17:04:02.0359 3140 ============================================================
17:04:08.0078 3140 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:04:08.0093 3140 \Device\Harddisk0\DR0:
17:04:08.0093 3140 MBR used
17:04:08.0093 3140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x937661A
17:04:08.0109 3140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9376698, BlocksNum 0xF32BDC1
17:04:08.0609 3140 Initialize success
17:04:08.0609 3140 ============================================================
17:04:14.0593 2636 ============================================================
17:04:14.0593 2636 Scan started
17:04:14.0593 2636 Mode: Manual; SigCheck; TDLFS;
17:04:14.0593 2636 ============================================================
17:04:17.0703 2636 .ipsec - ok
17:04:17.0718 2636 .netbt - ok
17:04:20.0734 2636 Abiosdsk - ok
17:04:21.0390 2636 abp480n5 - ok
17:04:22.0609 2636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:04:29.0000 2636 ACPI - ok
17:04:29.0359 2636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:04:29.0531 2636 ACPIEC - ok
17:04:30.0437 2636 adpu160m - ok
17:04:31.0046 2636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:04:31.0390 2636 aec - ok
17:04:31.0953 2636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:04:32.0093 2636 AFD - ok
17:04:32.0265 2636 Aha154x - ok
17:04:32.0468 2636 aic78u2 - ok
17:04:32.0687 2636 aic78xx - ok
17:04:32.0828 2636 AliIde - ok
17:04:32.0968 2636 amsint - ok
17:04:33.0203 2636 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
17:04:33.0265 2636 ANIO ( UnsignedFile.Multi.Generic ) - warning
17:04:33.0265 2636 ANIO - detected UnsignedFile.Multi.Generic (1)
17:04:33.0515 2636 asc - ok
17:04:33.0593 2636 asc3350p - ok
17:04:33.0703 2636 asc3550 - ok
17:04:34.0781 2636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:04:34.0953 2636 AsyncMac - ok
17:04:38.0500 2636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:04:38.0718 2636 atapi - ok
17:04:39.0515 2636 Atdisk - ok
17:04:39.0671 2636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:04:39.0859 2636 Atmarpc - ok
17:04:40.0015 2636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:04:40.0156 2636 audstub - ok
17:04:40.0406 2636 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
17:04:40.0531 2636 b57w2k - ok
17:04:40.0843 2636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:04:41.0031 2636 Beep - ok
17:04:41.0218 2636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:04:41.0359 2636 cbidf2k - ok
17:04:41.0468 2636 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:04:41.0609 2636 CCDECODE - ok
17:04:41.0703 2636 cd20xrnt - ok
17:04:41.0750 2636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:04:41.0921 2636 Cdaudio - ok
17:04:41.0953 2636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:04:42.0109 2636 Cdfs - ok
17:04:42.0140 2636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:04:42.0312 2636 Cdrom - ok
17:04:42.0328 2636 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:04:42.0390 2636 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
17:04:42.0390 2636 cercsr6 - detected UnsignedFile.Multi.Generic (1)
17:04:42.0390 2636 Changer - ok
17:04:42.0406 2636 CmdIde - ok
17:04:42.0421 2636 Cpqarray - ok
17:04:42.0437 2636 dac2w2k - ok
17:04:42.0437 2636 dac960nt - ok
17:04:42.0500 2636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:04:42.0640 2636 Disk - ok
17:04:42.0687 2636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:04:42.0859 2636 dmboot - ok
17:04:42.0906 2636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:04:43.0062 2636 dmio - ok
17:04:43.0187 2636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:04:43.0359 2636 dmload - ok
17:04:43.0500 2636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:04:43.0718 2636 DMusic - ok
17:04:43.0765 2636 dpti2o - ok
17:04:43.0875 2636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:04:44.0031 2636 drmkaud - ok
17:04:44.0140 2636 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
17:04:44.0343 2636 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
17:04:44.0343 2636 epmntdrv - detected UnsignedFile.Multi.Generic (1)
17:04:44.0453 2636 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
17:04:44.0531 2636 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
17:04:44.0531 2636 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
17:04:44.0656 2636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:04:44.0812 2636 Fastfat - ok
17:04:44.0906 2636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:04:45.0062 2636 Fdc - ok
17:04:45.0171 2636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:04:45.0343 2636 Fips - ok
17:04:45.0421 2636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:04:45.0609 2636 Flpydisk - ok
17:04:45.0843 2636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:04:46.0000 2636 FltMgr - ok
17:04:46.0078 2636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:04:46.0265 2636 Fs_Rec - ok
17:04:46.0406 2636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:04:46.0593 2636 Ftdisk - ok
17:04:46.0671 2636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:04:46.0718 2636 GEARAspiWDM - ok
17:04:46.0750 2636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:04:46.0921 2636 Gpc - ok
17:04:47.0093 2636 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:04:47.0250 2636 HDAudBus - ok
17:04:47.0406 2636 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:04:47.0562 2636 hidusb - ok
17:04:47.0640 2636 hpn - ok
17:04:47.0687 2636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:04:47.0750 2636 HTTP - ok
17:04:47.0765 2636 i2omgmt - ok
17:04:47.0765 2636 i2omp - ok
17:04:47.0812 2636 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
17:04:47.0968 2636 i8042prt - ok
17:04:48.0218 2636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:04:48.0390 2636 Imapi - ok
17:04:48.0593 2636 ini910u - ok
17:04:48.0656 2636 IntelIde - ok
17:04:48.0703 2636 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:04:48.0843 2636 intelppm - ok
17:04:49.0078 2636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:04:49.0234 2636 Ip6Fw - ok
17:04:49.0562 2636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:04:49.0734 2636 IpFilterDriver - ok
17:04:49.0828 2636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:04:49.0984 2636 IpInIp - ok
17:04:50.0187 2636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:04:50.0343 2636 IpNat - ok
17:04:50.0500 2636 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:04:50.0546 2636 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\ipsec.sys. md5: 19dd19fb992d6bf67811913b6feae577
17:04:50.0546 2636 IPSec ( Virus.Win32.ZAccess.c ) - infected
17:04:50.0546 2636 IPSec - detected Virus.Win32.ZAccess.c (0)
17:04:50.0734 2636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:04:50.0906 2636 IRENUM - ok
17:04:51.0109 2636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:04:51.0265 2636 isapnp - ok
17:04:51.0328 2636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:04:51.0500 2636 Kbdclass - ok
17:04:51.0531 2636 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:04:51.0671 2636 kbdhid - ok
17:04:51.0859 2636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:04:52.0031 2636 kmixer - ok
17:04:52.0218 2636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:04:52.0421 2636 KSecDD - ok
17:04:52.0531 2636 lbrtfdc - ok
17:04:52.0687 2636 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
17:04:52.0718 2636 LMIInfo - ok
17:04:52.0890 2636 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
17:04:52.0921 2636 lmimirr - ok
17:04:53.0000 2636 LMIRfsClientNP - ok
17:04:53.0062 2636 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
17:04:53.0093 2636 LMIRfsDriver - ok
17:04:53.0140 2636 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:04:53.0171 2636 MBAMProtector - ok
17:04:53.0218 2636 MHIKEY10 (4f169f43f932739f093ae4e659fff26a) C:\WINDOWS\system32\Drivers\MHIKEY10.sys
17:04:53.0343 2636 MHIKEY10 - ok
17:04:53.0500 2636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:04:53.0656 2636 mnmdd - ok
17:04:53.0984 2636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:04:54.0156 2636 Modem - ok
17:04:54.0484 2636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:04:54.0687 2636 Mouclass - ok
17:04:54.0968 2636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:04:55.0140 2636 mouhid - ok
17:04:55.0484 2636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:04:55.0671 2636 MountMgr - ok
17:04:55.0984 2636 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:04:56.0078 2636 MpFilter - ok
17:04:56.0390 2636 MpKslf3ead76f (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BC7D6002-2D31-424C-844F-790D02058C86}\MpKslf3ead76f.sys
17:04:56.0421 2636 MpKslf3ead76f - ok
17:04:56.0718 2636 mraid35x - ok
17:04:57.0078 2636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:04:57.0234 2636 MRxDAV - ok
17:04:57.0546 2636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:04:57.0687 2636 MRxSmb - ok
17:04:57.0906 2636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:04:58.0062 2636 Msfs - ok
17:04:58.0250 2636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:04:58.0437 2636 MSKSSRV - ok
17:04:58.0531 2636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:04:58.0703 2636 MSPCLOCK - ok
17:04:58.0828 2636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:04:58.0968 2636 MSPQM - ok
17:04:59.0062 2636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:04:59.0187 2636 mssmbios - ok
17:04:59.0281 2636 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:04:59.0468 2636 MSTEE - ok
17:04:59.0625 2636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:04:59.0718 2636 Mup - ok
17:04:59.0921 2636 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:05:00.0109 2636 NABTSFEC - ok
17:05:00.0265 2636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:05:00.0484 2636 NDIS - ok
17:05:00.0625 2636 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:05:00.0828 2636 NdisIP - ok
17:05:01.0031 2636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:05:01.0109 2636 NdisTapi - ok
17:05:01.0375 2636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:05:01.0515 2636 Ndisuio - ok
17:05:01.0671 2636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:05:01.0875 2636 NdisWan - ok
17:05:02.0015 2636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:05:02.0125 2636 NDProxy - ok
17:05:02.0281 2636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:05:02.0453 2636 NetBIOS - ok
17:05:02.0593 2636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:05:02.0750 2636 Npfs - ok
17:05:03.0031 2636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:05:03.0218 2636 Ntfs - ok
17:05:03.0375 2636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:05:03.0515 2636 Null - ok
17:05:04.0000 2636 nv (a93a67f645ea424f0752f8887860fb5f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:05:06.0187 2636 nv - ok
17:05:07.0187 2636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:05:07.0421 2636 NwlnkFlt - ok
17:05:07.0609 2636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:05:07.0796 2636 NwlnkFwd - ok
17:05:09.0109 2636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:05:09.0703 2636 Parport - ok
17:05:10.0390 2636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:05:10.0562 2636 PartMgr - ok
17:05:11.0140 2636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:05:11.0328 2636 ParVdm - ok
17:05:12.0031 2636 PBADRV (6ef25fb20cd269e3e51d8ca54935fff2) C:\WINDOWS\system32\drivers\pbadrv.sys
17:05:12.0203 2636 PBADRV ( UnsignedFile.Multi.Generic ) - warning
17:05:12.0203 2636 PBADRV - detected UnsignedFile.Multi.Generic (1)
17:05:12.0765 2636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:05:12.0968 2636 PCI - ok
17:05:13.0515 2636 PCIDump - ok
17:05:15.0531 2636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:05:15.0718 2636 PCIIde - ok
17:05:16.0109 2636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:05:16.0328 2636 Pcmcia - ok
17:05:16.0765 2636 PDCOMP - ok
17:05:16.0984 2636 PDFRAME - ok
17:05:17.0546 2636 PDRELI - ok
17:05:17.0968 2636 PDRFRAME - ok
17:05:18.0843 2636 perc2 - ok
17:05:19.0437 2636 perc2hib - ok
17:05:20.0250 2636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:05:20.0531 2636 PptpMiniport - ok
17:05:21.0171 2636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:05:21.0515 2636 PSched - ok
17:05:22.0937 2636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:05:23.0296 2636 Ptilink - ok
17:05:25.0046 2636 ql1080 - ok
17:05:25.0796 2636 Ql10wnt - ok
17:05:27.0734 2636 ql12160 - ok
17:05:28.0765 2636 ql1240 - ok
17:05:30.0890 2636 ql1280 - ok
17:05:32.0390 2636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:05:32.0578 2636 RasAcd - ok
17:05:34.0734 2636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:05:34.0921 2636 Rasl2tp - ok
17:05:40.0390 2636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:05:40.0562 2636 RasPppoe - ok
17:05:42.0390 2636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:05:42.0609 2636 Raspti - ok
17:05:43.0281 2636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:05:43.0468 2636 Rdbss - ok
17:05:45.0078 2636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:05:45.0296 2636 RDPCDD - ok
17:05:49.0750 2636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:05:50.0156 2636 rdpdr - ok
17:05:51.0406 2636 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:05:51.0671 2636 RDPWD - ok
17:05:52.0203 2636 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:05:52.0375 2636 redbook - ok
17:05:54.0906 2636 rt2870 (4311d22a38f7e403475aa2c338768c11) C:\WINDOWS\system32\DRIVERS\rt2870.sys
17:05:55.0531 2636 rt2870 - ok
17:05:58.0671 2636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:05:58.0859 2636 Secdrv - ok
17:06:00.0140 2636 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
17:06:00.0343 2636 Sentinel - ok
17:06:03.0671 2636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:06:03.0812 2636 serenum - ok
17:06:12.0906 2636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:13.0359 2636 Sfloppy - ok
17:06:18.0437 2636 Simbad - ok
17:06:22.0484 2636 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:06:28.0500 2636 SLIP - ok
17:06:36.0250 2636 Sparrow - ok
17:06:41.0015 2636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:06:41.0187 2636 splitter - ok
17:06:43.0593 2636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:43.0843 2636 sr - ok
17:06:53.0578 2636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:54.0078 2636 Srv - ok
17:07:00.0812 2636 STHDA (9db5dbed65f2d74acd1d20a53898af79) C:\WINDOWS\system32\drivers\sthda.sys
17:07:02.0359 2636 STHDA - ok
17:07:03.0765 2636 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:07:04.0046 2636 streamip - ok
17:07:05.0750 2636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:07:05.0921 2636 swenum - ok
17:07:07.0421 2636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:07:07.0609 2636 swmidi - ok
17:07:08.0343 2636 symc810 - ok
17:07:09.0562 2636 symc8xx - ok
17:07:10.0328 2636 sym_hi - ok
17:07:12.0140 2636 sym_u3 - ok
17:07:14.0187 2636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:07:14.0421 2636 sysaudio - ok
17:07:16.0890 2636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:07:17.0500 2636 Tcpip - ok
17:07:18.0296 2636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:07:18.0500 2636 TDPIPE - ok
17:07:19.0468 2636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:07:19.0640 2636 TDTCP - ok
17:07:24.0843 2636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:07:25.0031 2636 TermDD - ok
17:07:25.0562 2636 TosIde - ok
17:07:26.0375 2636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:07:26.0640 2636 Udfs - ok
17:07:28.0125 2636 ultra - ok
17:07:29.0343 2636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:07:29.0687 2636 Update - ok
17:07:31.0812 2636 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:07:32.0078 2636 USBAAPL - ok
17:07:34.0312 2636 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:07:34.0859 2636 usbaudio - ok
17:07:39.0171 2636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:07:39.0359 2636 usbccgp - ok
17:07:40.0484 2636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:07:40.0640 2636 usbehci - ok
17:07:41.0125 2636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:07:41.0328 2636 usbhub - ok
17:07:43.0515 2636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:07:43.0703 2636 usbprint - ok
17:07:44.0078 2636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:07:44.0234 2636 usbscan - ok
17:07:44.0828 2636 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:07:45.0078 2636 usbstor - ok
17:07:45.0718 2636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:07:45.0875 2636 usbuhci - ok
17:07:46.0375 2636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:07:46.0546 2636 VgaSave - ok
17:07:47.0015 2636 ViaIde - ok
17:07:47.0500 2636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:07:47.0734 2636 VolSnap - ok
17:07:48.0671 2636 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\WINDOWS\system32\DRIVERS\VX3000.sys
17:07:50.0843 2636 VX3000 - ok
17:07:51.0437 2636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:07:51.0593 2636 Wanarp - ok
17:07:51.0640 2636 WDICA - ok
17:07:51.0718 2636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:07:51.0890 2636 wdmaud - ok
17:07:52.0031 2636 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:07:52.0171 2636 WSTCODEC - ok
17:07:52.0203 2636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:07:52.0515 2636 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:07:52.0515 2636 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:07:52.0515 2636 Boot (0x1200) (9384bd0efa35fdbd424eea2b29a531da) \Device\Harddisk0\DR0\Partition0
17:07:52.0515 2636 \Device\Harddisk0\DR0\Partition0 - ok
17:07:52.0531 2636 Boot (0x1200) (31ff8ef4f5ae56a65c67e523196c8525) \Device\Harddisk0\DR0\Partition1
17:07:52.0531 2636 \Device\Harddisk0\DR0\Partition1 - ok
17:07:52.0531 2636 ============================================================
17:07:52.0531 2636 Scan finished
17:07:52.0531 2636 ============================================================
17:07:52.0640 2512 Detected object count: 7
17:07:52.0640 2512 Actual detected object count: 7
17:08:01.0859 2512 ANIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:01.0859 2512 ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:01.0859 2512 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:01.0859 2512 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:01.0859 2512 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:01.0859 2512 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:01.0859 2512 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:01.0859 2512 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:02.0031 2512 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
17:08:02.0671 2512 Backup copy found, using it..
17:08:02.0859 2512 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
17:08:06.0468 2512 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
17:08:06.0468 2512 PBADRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:06.0468 2512 PBADRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:06.0468 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:08:06.0468 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:08:22.0484 0944 Deinitialize success

ComboFix 12-02-12.01 - David 02/12/2012 23:55:11.1.2 - x86
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
.
.
.
c:\windows\$NtUninstallKB13065$
c:\windows\$NtUninstallKB13065$\1612236592
c:\windows\$NtUninstallKB13065$\757603873\@
c:\windows\$NtUninstallKB13065$\757603873\cfg.ini
c:\windows\$NtUninstallKB13065$\757603873\Desktop.ini
c:\windows\$NtUninstallKB13065$\757603873\L\apenanbc
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\system32\CNCUPM2K.tmp
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
c:\windows\system32\drivers\afd.sys was missing
Restored copy from - c:\windows\system32\dllcache\afd.sys
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\netbt.sys
.
c:\windows\system32\drivers\Serial.sys was missing
Restored copy from - c:\windows\system32\dllcache\Serial.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_.ipsec
-------\Service_.netbt
.
.
.
.
.
2012-02-13 08:13 . 2012-02-13 08:13 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83042766-939C-4EDA-A972-3F883F28D5F4}\offreg.dll
2012-02-13 08:08 . 2008-04-13 19:15 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-13 08:08 . 2008-04-13 19:15 64512 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-02-13 08:08 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-13 08:08 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-13 08:08 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-13 08:08 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-13 03:41 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83042766-939C-4EDA-A972-3F883F28D5F4}\mpengine.dll
2012-02-13 03:28 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-02-13 03:28 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-02-13 03:26 . 2012-02-13 03:26 -------- d-----w- c:\program files\iPod
2012-02-13 03:26 . 2012-02-13 03:28 -------- d-----w- c:\program files\iTunes
2012-02-13 01:08 . 2012-02-13 01:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-12 19:24 . 2012-02-12 19:24 -------- d-----w- C:\adobeTemp
2012-02-11 22:40 . 2012-02-11 22:40 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\join.me
2012-02-08 05:05 . 2012-02-12 23:37 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 06:45 . 2012-02-07 06:45 -------- d-----w- c:\program files\Adobe Download Assistant
2012-01-28 08:46 . 2012-01-31 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-01-28 08:36 . 2012-01-28 08:36 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-28 08:17 . 2010-06-02 12:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-01-28 08:17 . 2010-06-02 12:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-01-28 08:17 . 2010-06-02 12:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-01-28 08:17 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-28 08:17 . 2010-05-26 19:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-01-28 08:17 . 2010-05-26 19:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-01-28 08:17 . 2010-05-26 19:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-01-28 08:17 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-22 22:19 . 2012-02-12 10:29 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-22 22:19 . 2012-01-22 22:19 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-22 22:19 . 2012-01-22 22:19 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-22 22:19 . 2012-01-22 22:19 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-18 07:17 . 2012-01-18 07:17 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2012-01-18 07:17 . 2006-08-10 10:02 75264 ----a-w- c:\windows\system32\E_FLBBUA.DLL
2012-01-18 07:17 . 2006-04-19 10:00 62976 ----a-w- c:\windows\system32\E_FD4BBUA.DLL
.
.
.
.
.
2012-02-13 01:10 . 2004-08-04 10:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-07 06:36 . 2011-06-02 07:37 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-07 06:36 . 2011-06-02 07:37 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-07 06:36 . 2011-06-02 07:37 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-07 06:36 . 2011-06-02 07:36 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-31 12:44 . 2011-01-23 03:33 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2011-01-23 09:45 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-15 19:52 . 2011-06-02 07:37 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-12-15 19:52 . 2011-06-02 07:36 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2011-12-10 23:24 . 2011-01-23 19:51 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 10:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-12 10:29 . 2011-03-26 20:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
.
.
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 03:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\documents and settings\David\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]

"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]

"D-Link D-Link Xtreme N Dual Band DWA-160 "="c:\program files\D-Link\DWA-160\AirNCFG.exe" [2008-03-21 1675264]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-21 282624]

"SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}"="c:\program files\Sound Volume Hotkeys\SoundVolumeHotkeys.exe" [2010-09-20 126976]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\David\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\David\Application Data\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-02-07 06:36 87424 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wxvault.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

"c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Next Limit\\Maxwell 2\\maxwell.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Documents and Settings\\David\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Tencent\\QQIntl\\Bin\\QQ.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=

"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1055:TCP"= 1055:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 2:00 AM 14336]

R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2/2/2011 2:08 PM 18656]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [3/1/2011 11:11 AM 374152]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/17/2010 2:40 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/23/2011 11:51 AM 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/23/2011 11:51 AM 20464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2011 10:23 PM 136176]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [1/22/2011 10:00 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [1/22/2011 10:00 PM 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2011 10:23 PM 136176]

S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2/10/2011 3:34 AM 51968]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

se59unic

wg3n

minilog

CTMFLT

clmtomcatstartersvc

ec2007service

SE27obex

ntrtscan

backupexecnotificationserver

SndTDriverV32

Afc

srvdpi

lxdj_device

RMSvc

epgspooler

xusb21

USBCCID

.

.

.

2012-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 06:23]

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 06:23]

.

2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1275210071-1801674531-1003Core.job

- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 03:34]

.

2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1275210071-1801674531-1003UA.job

- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 03:34]

.

2012-02-13 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- -------

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\bef3kch8.default\

FF - prefs.js: browser.startup.homepage - google.com

.

.

------- -------

.

txtfile=c:\windows\notepad.exe %1

.scr=AutoCADScriptFile

.

- - - - - - - -

.

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-nwiz - nwiz.exe

SafeBoot-18917131.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-13 00:16

Windows 5.1.2600 Service Pack 3 NTFS

.

.

.

.

.

: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- ---------------------

.

- - - - - - - > 'winlogon.exe'(484)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

- - - - - - - > 'lsass.exe'(540)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(2784)

c:\windows\system32\WININET.dll

c:\windows\system32\AcSignIcon.dll

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\documents and settings\David\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\program files\Common Files\Autodesk Shared\DirectConnect2012\bin\Aruba\AcSignCore16.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\LMIRfsClientNP.dll

.

------------------------ ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe

c:\program files\Wave Systems Corp\Common\DataServer.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LogMeIn\x86\RaMaint.exe

c:\program files\LogMeIn\x86\LogMeIn.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\windows\system32\nvsvc32.exe

c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

c:\windows\stsystra.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\System32\vssvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\msdtc.exe

.

**************************************************************************

.

: 2012-02-13 00:24:10 -

ComboFix-quarantined-files.txt 2012-02-13 08:23

.

Pre-Run: 4,430,569,472 bytes free

: 5,155,328,000 bytes free

.

- - End Of File - - 0928BD6098F614AE8269A7931F2D5B97


Please re-run TDSSKiller and take a look at these entries:

17:08:06.0468 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:08:06.0468 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

And click on the Delete option instead of Skip.


Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.14.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

David :: PAGGY-DESKTOP [administrator]

Protection: Enabled

2/14/2012 10:00:48 AM

mbam-log-2012-02-14 (10-00-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 264537

Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17106 (vista_gdr.111024-1604)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=fa3d6cf66b48c44eb1eb6a06a8283f13

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-16 11:23:37

# local_time=2012-02-16 03:23:37 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 87 0 26122767 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=488254

# found=0

# cleaned=0

# scan_time=20719


Everything is still fine. However, I'm a little worried about connecting back my external hard drive. It was connected when I got the virus so I'm not sure if it could re-infect my computer once I plug it in. I did run a malwarebytes scan on the external drive but that was before the virus was totally gone.


In this case, let us proceed in this way:

Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Let me know.

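The post above relies on a placeholder autorun.inf folder to keep a cleaned drive from being re-seeded by a USB worm. The script below is an added example, not part of this thread and not the Flash_Disinfector tool: it walks the removable and fixed drives other than the Windows drive, reports whether each one carries an autorun.inf file (the form a worm drops, so it prints the launch lines for inspection without running anything) or the protective folder, and with the assumed -Protect switch creates the folder with the same system, hidden and read-only attributes the post describes. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or the Flash_Disinfector tool):
# check each non-system drive for autorun.inf and, with -Protect,
# create the protective placeholder folder where nothing exists.
param([switch]$Protect)   # assumed switch: create the folders instead of only reporting

# Win32_LogicalDisk DriveType 2 = removable disk, 3 = local fixed disk;
# the Windows drive itself is skipped, as the cleanup tool leaves it alone.
$drives = Get-WmiObject Win32_LogicalDisk -Filter "DriveType=2 OR DriveType=3" |
          Where-Object { $_.DeviceID -ne $env:SystemDrive }

foreach ($d in $drives) {
    $path = Join-Path $d.DeviceID 'autorun.inf'   # e.g. E:\autorun.inf

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # A FILE named autorun.inf is what USB worms drop. Show only the lines
        # that name a program to launch so the target can be checked; the
        # referenced program is never executed here.
        Write-Host "[SUSPICIOUS] $path is a file; launch lines:"
        Get-Content -LiteralPath $path |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.*\\command)\s*=' } |
            ForEach-Object { Write-Host "    $_" }
    }
    elseif (Test-Path -LiteralPath $path -PathType Container) {
        Write-Host "[OK] $path is a folder (protective placeholder already present)"
    }
    elseif ($Protect) {
        # A folder of that name blocks a later attempt to create autorun.inf as a
        # file; system + hidden + read-only attributes make it harder to remove.
        New-Item -ItemType Directory -Path $path | Out-Null
        & attrib +s +h +r $path
        Write-Host "[CREATED] $path"
    }
    else {
        Write-Host "[NONE] $($d.DeviceID) has no autorun.inf (run with -Protect to add the placeholder)"
    }
}
```

Run it once without -Protect on the external drive the poster is worried about: a [SUSPICIOUS] line means the drive still carries an autorun.inf file and should be scanned again before anything on it is opened; [NONE] or [OK] means there is nothing for AutoRun to launch, and -Protect can then add the placeholder.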

Great! :)

Here are some final steps:

Please uninstall ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Please manually delete DDS and TDSSKiller.

Next, uninstall ESET Online Scanner.

Here are some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)
