Malicious URL Repelled Constantly - espeak911.com, colexity777.com and 37.220.36.44


I'm running Avast and I'm getting a repeat Malicious URL Repelled notice constantly.

It says:

Object: http://colexity777.com/x/ or espeak911.com/x/ or 37.220.36.44/x/

URL: URL:Mal

Process: C:\Windows\System32\svchost.exe

I've run Malwarebytes Quickscan and it removed something, but the Malicious URL Repelled continues to occur.

Need help, not sure how to fix this issue.

Hello spartanfan.

Your "bump" post made it appear you were being helped. It is not advised that people make a second post once they have created the help topic!

You did not post any DDS logs, nor did you post a copy of your MBAM scan log.

Those would help us to see basic information that we need to get started.

BTW: If you are being helped elsewhere already, stop and let me know.

Download DDS and save it to your desktop from one of these links:

  • http://www.techsupportforum.com/sectools/sUBs/dds
  • http://download.bleepingcomputer.com/sUBs/dds.scr
  • http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

I haven't been helped yet. Thanks for hanging in there with me. I'm attempting to download the DDS files; however, the links are not working for me. The first link, under Tech Support Forum, when I click it, takes me to a page that says the page I'm looking for cannot be found. The second link opens a window but stays a blank page. The third link comes back in Spanish; I let Google translate it and clicked the download button, but nothing happens.

Okay, I found another spot to download DDS.scr and ran the program.

Attach.txt results

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/9/2009 11:31:47 PM

System Uptime: 8/21/2012 3:56:28 PM (18 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Goldfish2

Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 244 GiB total, 203.612 GiB free.

D: is FIXED (NTFS) - 222 GiB total, 155.829 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Simple Communications Controller

Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&23C0B1C&0&28F0

Manufacturer:

Name: PCI Simple Communications Controller

PNP Device ID: PCI\VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03\4&23C0B1C&0&28F0

Service:

.

==== System Restore Points ===================

.

RP1119: 5/24/2012 1:04:45 PM - System Checkpoint

RP1120: 5/25/2012 2:04:43 PM - System Checkpoint

RP1121: 5/26/2012 3:04:44 PM - System Checkpoint

RP1122: 5/27/2012 3:52:43 PM - System Checkpoint

RP1123: 5/28/2012 5:04:25 PM - System Checkpoint

RP1124: 5/29/2012 5:52:25 PM - System Checkpoint

RP1125: 5/30/2012 6:52:27 PM - System Checkpoint

RP1126: 5/31/2012 9:06:57 PM - System Checkpoint

RP1127: 6/3/2012 12:00:21 AM - System Checkpoint

RP1128: 6/5/2012 12:00:23 PM - Software Distribution Service 3.0

RP1129: 6/6/2012 12:22:09 PM - System Checkpoint

RP1130: 6/7/2012 1:22:09 PM - System Checkpoint

RP1131: 6/8/2012 2:22:13 PM - System Checkpoint

RP1132: 6/9/2012 3:22:10 PM - System Checkpoint

RP1133: 6/10/2012 4:21:55 PM - System Checkpoint

RP1134: 6/11/2012 5:21:54 PM - System Checkpoint

RP1135: 6/12/2012 6:21:56 PM - System Checkpoint

RP1136: 6/13/2012 7:21:53 PM - System Checkpoint

RP1137: 6/14/2012 12:00:19 PM - Software Distribution Service 3.0

RP1138: 6/15/2012 12:36:51 PM - System Checkpoint

RP1139: 6/16/2012 12:37:22 PM - System Checkpoint

RP1140: 6/17/2012 1:34:09 PM - System Checkpoint

RP1141: 6/18/2012 5:47:27 PM - System Checkpoint

RP1142: 6/19/2012 6:25:07 PM - System Checkpoint

RP1143: 6/20/2012 7:26:12 PM - System Checkpoint

RP1144: 6/21/2012 8:25:06 PM - System Checkpoint

RP1145: 6/22/2012 8:33:21 PM - System Checkpoint

RP1146: 6/23/2012 9:33:19 PM - System Checkpoint

RP1147: 6/24/2012 10:33:03 PM - System Checkpoint

RP1148: 6/25/2012 11:33:06 PM - System Checkpoint

RP1149: 6/27/2012 12:33:07 AM - System Checkpoint

RP1150: 6/28/2012 1:33:31 AM - System Checkpoint

RP1151: 6/29/2012 2:33:07 AM - System Checkpoint

RP1152: 6/30/2012 2:58:43 AM - System Checkpoint

RP1153: 7/1/2012 3:18:16 AM - System Checkpoint

RP1154: 7/2/2012 4:16:21 AM - System Checkpoint

RP1155: 7/3/2012 5:16:48 AM - System Checkpoint

RP1156: 7/4/2012 5:40:34 AM - System Checkpoint

RP1157: 7/5/2012 11:15:52 AM - System Checkpoint

RP1158: 7/6/2012 10:37:27 AM - Software Distribution Service 3.0

RP1159: 7/7/2012 11:16:29 AM - System Checkpoint

RP1160: 7/8/2012 11:40:28 AM - System Checkpoint

RP1161: 7/9/2012 4:30:53 PM - System Checkpoint

RP1162: 7/10/2012 4:52:30 PM - System Checkpoint

RP1163: 7/11/2012 8:26:38 AM - Software Distribution Service 3.0

RP1164: 7/12/2012 10:40:38 AM - System Checkpoint

RP1165: 7/13/2012 11:45:11 AM - System Checkpoint

RP1166: 7/14/2012 12:06:29 PM - System Checkpoint

RP1167: 7/15/2012 1:53:46 PM - System Checkpoint

RP1168: 7/16/2012 5:20:26 PM - System Checkpoint

RP1169: 7/17/2012 5:51:45 PM - System Checkpoint

RP1170: 7/18/2012 6:51:46 PM - System Checkpoint

RP1171: 7/19/2012 7:49:03 PM - System Checkpoint

RP1172: 7/20/2012 8:46:14 PM - System Checkpoint

RP1173: 7/21/2012 8:49:51 PM - System Checkpoint

RP1174: 7/22/2012 9:48:21 PM - System Checkpoint

RP1175: 7/23/2012 10:48:21 PM - System Checkpoint

RP1176: 7/24/2012 11:48:22 PM - System Checkpoint

RP1177: 7/26/2012 12:46:17 AM - System Checkpoint

RP1178: 7/27/2012 1:23:12 AM - System Checkpoint

RP1179: 7/28/2012 1:46:54 AM - System Checkpoint

RP1180: 7/29/2012 3:14:52 AM - System Checkpoint

RP1181: 7/30/2012 3:28:21 AM - System Checkpoint

RP1182: 7/31/2012 4:22:55 AM - System Checkpoint

RP1183: 8/1/2012 4:46:03 AM - System Checkpoint

RP1184: 8/2/2012 12:24:53 PM - System Checkpoint

RP1185: 8/3/2012 3:39:11 PM - System Checkpoint

RP1186: 8/4/2012 4:04:50 PM - System Checkpoint

RP1187: 8/5/2012 5:04:50 PM - System Checkpoint

RP1188: 8/6/2012 5:11:15 PM - System Checkpoint

RP1189: 8/7/2012 5:55:10 PM - System Checkpoint

RP1190: 8/8/2012 6:55:10 PM - System Checkpoint

RP1191: 8/9/2012 7:51:56 PM - System Checkpoint

RP1192: 8/10/2012 12:45:34 PM - Installed iTunes

RP1193: 8/11/2012 12:54:55 PM - System Checkpoint

RP1194: 8/12/2012 1:54:54 PM - System Checkpoint

RP1195: 8/13/2012 2:27:53 PM - System Checkpoint

RP1196: 8/14/2012 5:14:25 PM - System Checkpoint

RP1197: 8/15/2012 10:47:36 AM - OTL Restore Point - 8/15/2012 10:47:28 AM

RP1198: 8/15/2012 12:01:04 PM - Software Distribution Service 3.0

RP1199: 8/16/2012 5:27:55 PM - System Checkpoint

RP1200: 8/17/2012 5:35:50 PM - System Checkpoint

RP1201: 8/18/2012 6:35:49 PM - System Checkpoint

RP1202: 8/19/2012 7:35:50 PM - System Checkpoint

RP1203: 8/20/2012 7:42:49 PM - System Checkpoint

RP1204: 8/21/2012 8:01:11 PM - System Checkpoint

.

==== Installed Programs ======================

.

2600

2600_Help

2600Trb

ACID Pro 7.0

Acrobat.com

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Adobe Shockwave Player 11.6

AiO_Scan

AiOSoftware

Amazon MP3 Downloader 1.0.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.2.6

avast! Free Antivirus

Bonjour

BufferChm

CDBurnerXP

Cohen - Medical Terminology

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

CreativeProjects

CreativeProjectsTemplates

Critical Update for Windows Media Player 11 (KB959772)

CueTour

Destinations

Director

DocProc

DocumentViewer

Fax

Free M4a to MP3 Converter 6.0

Garmin Communicator Plugin

Garmin USB Drivers

Glary Utilities 2.46.0.1518

Google Chrome

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 4.7

HP Image Zone 4.7

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HPSystemDiagnostics

Inkscape 0.46

InstantShare

Intel AppUp(SM) center

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 29

LastPass (uninstall only)

LeapFrog Connect

LeapFrog My Pals Plugin

LeapFrog Tag Junior Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Money 2007

Microsoft Money Shared Libraries

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office File Validation Add-In

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard Edition 2003

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NETGEAR XE102 Powerline Encryption Utility

Nitro PDF Reader

OpenOffice.org 3.3

PanoStandAlone

PhotoGallery

PrimoPDF -- brought to you by Nitro PDF Software

ProductContext

QFolder

QuickTime

Readme

Realtek High Definition Audio Driver

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Silvestri Comp Review PN 4e

SkinsHP1

Snapshot Viewer

Sony ACID Pro 6.0

Sony Media Manager 2.2

Sony Vegas Pro 8.0

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

swMSM

TrayApp

Unload

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)

VirtualCom driver

Web Games Player Plugin

WebEx

WebFldrs XP

WebReg

Windows 7 Upgrade Advisor

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

Xtranormal State

Xtranormal State - Showpak-Playgoz-Preview

Xtranormal State - SoundPack-Starter Kit

Xtranormal State - Voicepack-English-UK-Daniel

Xtranormal State - Voicepack-English-UK-Serena

Xtranormal State - Voicepack-English-US-Samantha

Xtranormal State - Voicepack-English-US-Tom

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

8/20/2012 11:40:11 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf84c92f, parameter3 f7192aac, parameter4 00000000.

8/15/2012 8:29:15 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

8/15/2012 10:16:31 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

.

==== End Of File ===========================

DDS.txt results

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Ray at 9:19:19 on 2012-08-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.22 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\windows\system32\svchost -k DcomLaunch

svchost.exe

C:\windows\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\windows\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\SearchIndexer.exe

C:\windows\Explorer.EXE

C:\windows\SOUNDMAN.EXE

C:\windows\ALCWZRD.EXE

C:\windows\ALCMTR.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.glarysoft.com/?src=iehome

uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome

mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome

mStart Page = hxxp://isearch.glarysoft.com/?src=iehome

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Google Update] "c:\documents and settings\ray\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341584638406

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 64.233.217.5 64.233.217.2

TCP: Interfaces\{AD92C9BD-59F6-4350-8DFA-6B88E3525973} : DhcpNameServer = 64.233.217.5 64.233.217.2

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ray\application data\mozilla\firefox\profiles\mg3y7ybz.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - component: c:\documents and settings\ray\application data\mozilla\firefox\profiles\mg3y7ybz.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll

FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\documents and settings\ray\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-12 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-10 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-10 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-23 44808]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-15 655944]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-15 22344]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-6 250056]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-7-2 18560]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-4-14 36608]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-21 113120]

S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [2009-12-20 21120]

S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [2009-12-20 18176]

.

=============== Created Last 30 ================

.

2012-08-15 13:56:35 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 16:47:28 -------- d-----w- c:\program files\iPod

2012-08-10 16:47:17 -------- d-----w- c:\program files\iTunes

2012-08-10 16:47:17 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-08-10 16:36:50 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2012-08-15 05:14:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-15 05:14:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 16:31:30 81920 -c--a-w- c:\windows\ALCFDRTM.VER

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2010-12-13 19:53:56 9163464 ----a-w- c:\program files\common files\lpuninstall.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD5000AAKS-00H2B0 rev.07.04C07 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x862884B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8628f93c]; MOV EAX, [0x8628fab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8649FAB8]

3 CLASSPNP[0xF75E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8635B798]

\Driver\atapi[0x86324C08] -> IRP_MJ_CREATE -> 0x862884B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x862882E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 9:22:35.01 ===============

Edited by Maurice Naggar
emphasis added

Trojan warning:TDL3

This system has some serious backdoor trojans. TDL3

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

IF you decide to attempt cleaning, then start with the following.

Step 1

Disable and keep turned off Spybot's Tea Timer otherwise it will interfere with our tools.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 2

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Do the RKILL (listed here) then go back and do the Step 3 for TDSSKILLER

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Ran RKill. Here are the results:

Rkill 2.3.1 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/23/2012 10:53:55 AM in x86 mode.

Windows Version: Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\HPZipm12.exe (PID: 4012) [WD-HEUR]

* C:\windows\system32\HPZinw12.exe (PID: 2076) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/23/2012 10:54:59 AM

Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)

Will now run TDSSKILLER.


Okay, ran TDSSKILLER. Here is the report file:

11:10:25.0218 2632 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

11:10:26.0109 2632 ============================================================

11:10:26.0109 2632 Current date / time: 2012/08/23 11:10:26.0109

11:10:26.0109 2632 SystemInfo:

11:10:26.0109 2632

11:10:26.0109 2632 OS Version: 5.1.2600 ServicePack: 3.0

11:10:26.0109 2632 Product type: Workstation

11:10:26.0109 2632 ComputerName: SCOTT1

11:10:26.0109 2632 UserName: Ray

11:10:26.0109 2632 Windows directory: C:\windows

11:10:26.0109 2632 System windows directory: C:\windows

11:10:26.0109 2632 Processor architecture: Intel x86

11:10:26.0109 2632 Number of processors: 2

11:10:26.0109 2632 Page size: 0x1000

11:10:26.0109 2632 Boot type: Normal boot

11:10:26.0109 2632 ============================================================

11:10:30.0468 2632 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

11:10:30.0906 2632 ============================================================

11:10:30.0906 2632 \Device\Harddisk0\DR0:

11:10:30.0921 2632 MBR partitions:

11:10:30.0921 2632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E846621

11:10:30.0953 2632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E84669F, BlocksNum 0x1BB3A6E1

11:10:30.0953 2632 ============================================================

11:10:31.0015 2632 C: <-> \Device\Harddisk0\DR0\Partition1

11:10:31.0078 2632 D: <-> \Device\Harddisk0\DR0\Partition2

11:10:31.0281 2632 ============================================================

11:10:31.0281 2632 Initialize success

11:10:31.0281 2632 ============================================================

11:10:50.0750 3704 ============================================================

11:10:50.0750 3704 Scan started

11:10:50.0750 3704 Mode: Manual;

11:10:50.0750 3704 ============================================================

11:10:54.0625 3704 ================ Scan system memory ========================

11:10:54.0625 3704 System memory - ok

11:10:54.0625 3704 ================ Scan services =============================

11:11:00.0734 3704 mraid35x - ok

11:11:00.0734 3704 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys

11:11:00.0750 3704 MRxDAV - ok

11:11:00.0812 3704 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys

11:11:00.0828 3704 MRxSmb - ok

11:11:00.0859 3704 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

11:11:00.0875 3704 MSDTC - ok

11:11:00.0921 3704 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys

11:11:00.0921 3704 Msfs - ok

11:11:00.0921 3704 MSIServer - ok

11:11:01.0015 3704 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

11:11:01.0015 3704 MSKSSRV - ok

11:11:01.0109 3704 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

11:11:01.0140 3704 MSPCLOCK - ok

11:11:01.0156 3704 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys

11:11:01.0156 3704 MSPQM - ok

11:11:01.0218 3704 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

11:11:01.0218 3704 mssmbios - ok

11:11:01.0265 3704 MSSQL$SONY_MEDIAMGR - ok

11:11:01.0343 3704 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe

11:11:01.0343 3704 MSSQLServerADHelper - ok

11:11:01.0359 3704 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys

11:11:01.0375 3704 Mup - ok

11:11:01.0421 3704 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll

11:11:01.0437 3704 napagent - ok

11:11:01.0453 3704 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys

11:11:01.0453 3704 NDIS - ok

11:11:01.0484 3704 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

11:11:01.0484 3704 NdisTapi - ok

11:11:01.0515 3704 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

11:11:01.0515 3704 Ndisuio - ok

11:11:01.0531 3704 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

11:11:01.0531 3704 NdisWan - ok

11:11:01.0562 3704 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys

11:11:01.0562 3704 NDProxy - ok

11:11:01.0562 3704 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

11:11:01.0578 3704 NetBIOS - ok

11:11:01.0609 3704 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys

11:11:01.0609 3704 NetBT - ok

11:11:01.0640 3704 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe

11:11:01.0656 3704 NetDDE - ok

11:11:01.0656 3704 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe

11:11:01.0671 3704 NetDDEdsdm - ok

11:11:01.0703 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe

11:11:01.0718 3704 Netlogon - ok

11:11:01.0765 3704 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll

11:11:01.0781 3704 Netman - ok

11:11:01.0812 3704 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:11:01.0828 3704 NetTcpPortSharing - ok

11:11:01.0843 3704 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\windows\system32\DRIVERS\nic1394.sys

11:11:01.0843 3704 NIC1394 - ok

11:11:01.0937 3704 [ 9CCBCA1FE056F67960C9420FCE635691 ] NitroReaderDriverReadSpool C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe

11:11:01.0953 3704 NitroReaderDriverReadSpool - ok

11:11:02.0031 3704 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll

11:11:02.0046 3704 Nla - ok

11:11:02.0125 3704 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe

11:11:02.0125 3704 NMSAccessU - ok

11:11:02.0140 3704 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys

11:11:02.0140 3704 Npfs - ok

11:11:02.0218 3704 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys

11:11:02.0218 3704 Ntfs - ok

11:11:02.0234 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe

11:11:02.0234 3704 NtLmSsp - ok

11:11:02.0281 3704 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll

11:11:02.0296 3704 NtmsSvc - ok

11:11:02.0328 3704 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys

11:11:02.0328 3704 Null - ok

11:11:02.0359 3704 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys

11:11:02.0375 3704 NwlnkFlt - ok

11:11:02.0375 3704 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys

11:11:02.0390 3704 NwlnkFwd - ok

11:11:02.0421 3704 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:11:02.0437 3704 odserv - ok

11:11:02.0453 3704 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys

11:11:02.0468 3704 ohci1394 - ok

11:11:02.0484 3704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:11:02.0500 3704 ose - ok

11:11:02.0515 3704 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\DRIVERS\parport.sys

11:11:02.0515 3704 Parport - ok

11:11:02.0531 3704 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys

11:11:02.0546 3704 PartMgr - ok

11:11:02.0578 3704 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys

11:11:02.0593 3704 ParVdm - ok

11:11:02.0625 3704 pccsmcfd - ok

11:11:02.0640 3704 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys

11:11:02.0640 3704 PCI - ok

11:11:02.0656 3704 PCIDump - ok

11:11:02.0656 3704 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\drivers\PCIIde.sys

11:11:02.0656 3704 PCIIde - ok

11:11:02.0687 3704 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys

11:11:02.0703 3704 Pcmcia - ok

11:11:02.0703 3704 PDCOMP - ok

11:11:02.0718 3704 PDFRAME - ok

11:11:02.0718 3704 PDRELI - ok

11:11:02.0718 3704 PDRFRAME - ok

11:11:02.0734 3704 perc2 - ok

11:11:02.0734 3704 perc2hib - ok

11:11:02.0765 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe

11:11:02.0781 3704 PlugPlay - ok

11:11:02.0812 3704 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

11:11:02.0828 3704 Pml Driver HPZ12 - ok

11:11:02.0828 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe

11:11:02.0843 3704 PolicyAgent - ok

11:11:02.0875 3704 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

11:11:02.0875 3704 PptpMiniport - ok

11:11:02.0890 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe

11:11:02.0890 3704 ProtectedStorage - ok

11:11:02.0906 3704 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys

11:11:02.0906 3704 PSched - ok

11:11:02.0937 3704 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys

11:11:02.0953 3704 Ptilink - ok

11:11:02.0953 3704 ql1080 - ok

11:11:02.0953 3704 Ql10wnt - ok

11:11:02.0968 3704 ql12160 - ok

11:11:02.0968 3704 ql1240 - ok

11:11:02.0984 3704 ql1280 - ok

11:11:02.0984 3704 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

11:11:02.0984 3704 RasAcd - ok

11:11:03.0015 3704 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll

11:11:03.0031 3704 RasAuto - ok

11:11:03.0062 3704 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

11:11:03.0109 3704 Rasl2tp - ok

11:11:03.0140 3704 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll

11:11:03.0156 3704 RasMan - ok

11:11:03.0171 3704 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

11:11:03.0171 3704 RasPppoe - ok

11:11:03.0187 3704 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys

11:11:03.0187 3704 Raspti - ok

11:11:03.0250 3704 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys

11:11:03.0250 3704 Rdbss - ok

11:11:03.0250 3704 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

11:11:03.0250 3704 RDPCDD - ok

11:11:03.0265 3704 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys

11:11:03.0296 3704 rdpdr - ok

11:11:03.0343 3704 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys

11:11:03.0359 3704 RDPWD - ok

11:11:03.0390 3704 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

11:11:03.0421 3704 RDSessMgr - ok

11:11:03.0437 3704 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys

11:11:03.0453 3704 redbook - ok

11:11:03.0468 3704 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll

11:11:03.0484 3704 RemoteAccess - ok

11:11:03.0500 3704 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll

11:11:03.0515 3704 RemoteRegistry - ok

11:11:03.0546 3704 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\windows\system32\Drivers\RimUsb.sys

11:11:03.0562 3704 RimUsb - ok

11:11:03.0578 3704 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe

11:11:03.0593 3704 RpcLocator - ok

11:11:03.0625 3704 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\system32\rpcss.dll

11:11:03.0640 3704 RpcSs - ok

11:11:03.0703 3704 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe

11:11:03.0750 3704 RSVP - ok

11:11:03.0765 3704 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\windows\system32\DRIVERS\RTL8139.SYS

11:11:03.0781 3704 rtl8139 - ok

11:11:03.0796 3704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe

11:11:03.0796 3704 SamSs - ok

11:11:03.0828 3704 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe

11:11:03.0843 3704 SCardSvr - ok

11:11:03.0875 3704 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll

11:11:03.0906 3704 Schedule - ok

11:11:03.0937 3704 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys

11:11:03.0937 3704 Secdrv - ok

11:11:03.0968 3704 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll

11:11:03.0984 3704 seclogon - ok

11:11:03.0984 3704 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll

11:11:04.0000 3704 SENS - ok

11:11:04.0015 3704 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\drivers\Serial.sys

11:11:04.0015 3704 Serial - ok

11:11:04.0062 3704 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys

11:11:04.0062 3704 Sfloppy - ok

11:11:04.0109 3704 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll

11:11:04.0125 3704 SharedAccess - ok

11:11:04.0187 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll

11:11:04.0187 3704 ShellHWDetection - ok

11:11:04.0203 3704 Simbad - ok

11:11:04.0203 3704 Sparrow - ok

11:11:04.0250 3704 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys

11:11:04.0250 3704 splitter - ok

11:11:04.0281 3704 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe

11:11:04.0296 3704 Spooler - ok

11:11:04.0343 3704 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys

11:11:04.0343 3704 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505

11:11:04.0359 3704 sptd ( LockedFile.Multi.Generic ) - warning

11:11:04.0359 3704 sptd - detected LockedFile.Multi.Generic (1)

11:11:04.0359 3704 SQLAgent$SONY_MEDIAMGR - ok

11:11:04.0375 3704 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys

11:11:04.0390 3704 sr - ok

11:11:04.0421 3704 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

11:11:04.0437 3704 srservice - ok

11:11:04.0453 3704 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys

11:11:04.0468 3704 Srv - ok

11:11:04.0484 3704 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

11:11:04.0500 3704 SSDPSRV - ok

11:11:04.0546 3704 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\windows\system32\DRIVERS\serscan.sys

11:11:04.0546 3704 StillCam - ok

11:11:04.0640 3704 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll

11:11:04.0703 3704 stisvc - ok

11:11:04.0734 3704 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys

11:11:04.0734 3704 swenum - ok

11:11:04.0765 3704 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys

11:11:04.0765 3704 swmidi - ok

11:11:04.0765 3704 SwPrv - ok

11:11:04.0781 3704 symc810 - ok

11:11:04.0781 3704 symc8xx - ok

11:11:04.0796 3704 sym_hi - ok

11:11:04.0796 3704 sym_u3 - ok

11:11:04.0843 3704 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys

11:11:04.0859 3704 sysaudio - ok

11:11:04.0890 3704 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe

11:11:04.0906 3704 SysmonLog - ok

11:11:04.0953 3704 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll

11:11:04.0968 3704 TapiSrv - ok

11:11:05.0015 3704 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys

11:11:05.0031 3704 Tcpip - ok

11:11:05.0062 3704 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys

11:11:05.0062 3704 TDPIPE - ok

11:11:05.0078 3704 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys

11:11:05.0093 3704 TDTCP - ok

11:11:05.0109 3704 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys

11:11:05.0125 3704 TermDD - ok

11:11:05.0156 3704 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll

11:11:05.0203 3704 TermService - ok

11:11:05.0250 3704 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll

11:11:05.0250 3704 Themes - ok

11:11:05.0281 3704 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

11:11:05.0328 3704 TlntSvr - ok

11:11:05.0328 3704 TosIde - ok

11:11:05.0375 3704 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll

11:11:05.0406 3704 TrkWks - ok

11:11:05.0468 3704 [ B3C9C35DC93563B8D19AD414EDF2FC82 ] TrueSight c:\windows\system32\drivers\TrueSight.sys

11:11:05.0468 3704 TrueSight - ok

11:11:05.0500 3704 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys

11:11:05.0500 3704 Udfs - ok

11:11:05.0515 3704 ultra - ok

11:11:05.0562 3704 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys

11:11:05.0578 3704 Update - ok

11:11:05.0609 3704 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll

11:11:05.0625 3704 upnphost - ok

11:11:05.0640 3704 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe

11:11:05.0656 3704 UPS - ok

11:11:05.0703 3704 [ 60A68A5EA173A97971EE9F1FF49EB2B3 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys

11:11:05.0718 3704 USBAAPL - ok

11:11:05.0765 3704 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

11:11:05.0765 3704 usbccgp - ok

11:11:05.0781 3704 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

11:11:05.0781 3704 usbehci - ok

11:11:05.0812 3704 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

11:11:05.0812 3704 usbhub - ok

11:11:05.0843 3704 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

11:11:05.0859 3704 usbprint - ok

11:11:05.0875 3704 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

11:11:05.0890 3704 usbscan - ok

11:11:05.0906 3704 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

11:11:05.0921 3704 USBSTOR - ok

11:11:05.0937 3704 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys

11:11:05.0937 3704 usbuhci - ok

11:11:05.0953 3704 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys

11:11:05.0953 3704 VgaSave - ok

11:11:05.0953 3704 ViaIde - ok

11:11:06.0000 3704 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys

11:11:06.0000 3704 VolSnap - ok

11:11:06.0031 3704 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe

11:11:06.0078 3704 VSS - ok

11:11:06.0093 3704 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

11:11:06.0109 3704 W32Time - ok

11:11:06.0156 3704 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys

11:11:06.0156 3704 Wanarp - ok

11:11:06.0156 3704 WDICA - ok

11:11:06.0187 3704 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys

11:11:06.0187 3704 wdmaud - ok

11:11:06.0218 3704 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll

11:11:06.0234 3704 WebClient - ok

11:11:06.0296 3704 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll

11:11:06.0296 3704 winmgmt - ok

11:11:06.0343 3704 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

11:11:06.0343 3704 WmdmPmSN - ok

11:11:06.0390 3704 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll

11:11:06.0406 3704 Wmi - ok

11:11:06.0437 3704 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

11:11:06.0453 3704 WmiApSrv - ok

11:11:06.0531 3704 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

11:11:06.0562 3704 WMPNetworkSvc - ok

11:11:06.0609 3704 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll

11:11:06.0625 3704 wscsvc - ok

11:11:06.0656 3704 WSearch - ok

11:11:06.0687 3704 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\windows\system32\wuauserv.dll

11:11:06.0703 3704 wuauserv - ok

11:11:06.0734 3704 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys

11:11:06.0750 3704 WudfPf - ok

11:11:06.0781 3704 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys

11:11:06.0781 3704 WudfRd - ok

11:11:06.0796 3704 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll

11:11:06.0812 3704 WudfSvc - ok

11:11:06.0859 3704 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll

11:11:06.0906 3704 WZCSVC - ok

11:11:06.0937 3704 [ 6D87C2DAD885A8A98B9D2AD680A4086E ] XE102Mp5 C:\windows\system32\Drivers\XE102Mp5.sys

11:11:06.0953 3704 XE102Mp5 - ok

11:11:07.0000 3704 [ 8368BD6DEE11A749B7DB2B64648DD0D4 ] XE102Sp5 C:\windows\system32\Drivers\XE102Sp5.sys

11:11:07.0000 3704 XE102Sp5 - ok

11:11:07.0031 3704 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll

11:11:07.0062 3704 xmlprov - ok

11:11:07.0078 3704 ================ Scan global ===============================

11:11:07.0109 3704 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll

11:11:07.0140 3704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll

11:11:07.0187 3704 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll

11:11:07.0234 3704 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe

11:11:07.0234 3704 [Global] - ok

11:11:07.0234 3704 ================ Scan MBR ==================================

11:11:07.0250 3704 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

11:11:07.0250 3704 Suspicious mbr (Forged): \Device\Harddisk0\DR0

11:11:07.0281 3704 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

11:11:07.0281 3704 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

11:11:07.0281 3704 ================ Scan VBR ==================================

11:11:07.0296 3704 [ 3513EDB8D179794C7208D8874233C52E ] \Device\Harddisk0\DR0\Partition1

11:11:07.0296 3704 \Device\Harddisk0\DR0\Partition1 - ok

11:11:07.0312 3704 [ FFF1261264F8869689AEF43AABCB0581 ] \Device\Harddisk0\DR0\Partition2

11:11:07.0312 3704 \Device\Harddisk0\DR0\Partition2 - ok

11:11:07.0312 3704 ============================================================

11:11:07.0312 3704 Scan finished

11:11:07.0312 3704 ============================================================

11:11:07.0328 1716 Detected object count: 2

11:11:07.0328 1716 Actual detected object count: 2

11:11:47.0171 1716 sptd ( LockedFile.Multi.Generic ) - skipped by user

11:11:47.0171 1716 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

11:11:48.0312 1716 \Device\Harddisk0\DR0\# - copied to quarantine

11:11:48.0312 1716 \Device\Harddisk0\DR0 - copied to quarantine

11:11:48.0343 1716 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

11:11:48.0359 1716 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

11:11:48.0359 1716 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

11:11:48.0375 1716 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:11:48.0375 1716 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:11:48.0421 1716 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

11:11:48.0453 1716 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

11:11:48.0468 1716 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

11:11:48.0562 1716 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

11:11:48.0562 1716 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

11:11:48.0578 1716 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

11:11:48.0578 1716 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

11:11:48.0593 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

11:11:48.0593 1716 \Device\Harddisk0\DR0 - ok

11:11:49.0031 1716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

11:12:43.0765 1152 Deinitialize success


Trojan & rootkit warning: TDSS

This system has some serious backdoor trojans.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer (remote access trojan). Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.


All right. Let's do these steps.

Step 1

First, log off and restart the system fresh.

Step 2

Next, you already have RKILL. Run it one more time.

Next, do as much as you can of the following:

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu, select Tools, then Folder Options, then the View tab, and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, select Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 5

Turn OFF your Avast antivirus so that it does not interfere.

You already have RogueKiller. We want to try just one more time to run it.

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Edited by Maurice Naggar

Ran RKill, here is the report:

Rkill 2.3.1 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/23/2012 12:23:41 PM in x86 mode.

Windows Version: Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/23/2012 12:24:23 PM

Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)

I will now download ERUNT.


Installed ERUNT and made the back-up folder for the registry files and backed everything up.

Ran Rogue Killer again. Here is the report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Ray [Admin rights]

Mode: Scan -- Date: 08/23/2012 12:33:47

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E9B40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

[...]

¤¤¤ MBR Check: ¤¤¤

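The HOSTS dump in the RogueKiller report above is the kind of list that is easy to misread. As an added example, not part of the original post and not RogueKiller code, here is a small triage script that separates sinkhole entries (names mapped to 127.0.0.1 or 0.0.0.0, which Spybot's immunization and similar tools add by the thousand and which are harmless on their own) from redirections (names mapped to any other address, which is the form a HOSTS-file hijack takes: a bank's hostname pointed at an attacker's server, or antivirus update servers pointed at a dead address). The sample input is constructed: it starts with the first entries of the dump shown and adds three lines that are not on the page, using RFC 5737 documentation addresses and .invalid names, so that the redirect and comment-handling paths are exercised.

```python
"""Triage a Windows HOSTS file dump such as the one RogueKiller prints.

Added example for this thread; it is not part of the original post and not
RogueKiller code. The distinction it draws:
  * entries pointing at 127.0.0.1 or 0.0.0.0 are sinkholes. Immunization
    tools add thousands of them on purpose, so a long list of them is not
    by itself a sign of infection;
  * entries pointing anywhere else are redirections, which is how HOSTS
    hijacks work. Each one needs review.
"""
import ipaddress

# Constructed sample: the first entries of the dump in the thread, plus three
# lines that are NOT on the page, added so the redirect and comment paths run.
# The redirect targets use RFC 5737 documentation addresses and .invalid names.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
0.0.0.0   ads.example.invalid
198.51.100.7 update.example-av.invalid    # constructed: would block AV updates
203.0.113.9  www.example-bank.invalid www.example-bank2.invalid
"""


def parse_hosts(text):
    """Yield (address, [hostnames]) for each line that starts with an IP."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an entry (e.g. stray text)
        yield addr, fields[1:]


def triage_hosts(text):
    """Classify entries as sinkholes, redirects, or malformed (no hostname)."""
    sinkholes, redirects, malformed = [], [], []
    for addr, names in parse_hosts(text):
        if not names:
            malformed.append(str(addr))          # e.g. the bare '127.0.0.1' line
        elif addr.is_loopback or addr.is_unspecified:
            sinkholes.extend(names)
        else:
            redirects.extend((name, str(addr)) for name in names)
    return {"sinkholes": sinkholes, "redirects": redirects, "malformed": malformed}


def summarize(text):
    """Counts plus the full redirect list, which is the part worth reading."""
    t = triage_hosts(text)
    return {
        "sinkhole_count": len(t["sinkholes"]),
        "redirect_count": len(t["redirects"]),
        "redirects": t["redirects"],
        "malformed": t["malformed"],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_HOSTS)
    print(f"{s['sinkhole_count']} sinkholed names (expected from immunization tools)")
    print(f"{len(s['malformed'])} malformed lines: {s['malformed']}")
    for name, addr in s["redirects"]:
        print(f"REVIEW: {name} -> {addr}")
```

Run it as a script for the constructed sample, or pass the text of C:\Windows\System32\drivers\etc\hosts to summarize(). Every entry visible in the dump above is a 127.0.0.1 sinkhole, which is consistent with the Spybot - Search & Destroy install that the ComboFix log later shows (TeaTimer in the Run key); only lines that land in the REVIEW output would call for a HOSTS cleanup.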

Okay, installed and ran Listparts. Here is the report:

ListParts by Farbar Version: 10-08-2012

Ran by Ray (administrator) on 23-08-2012 at 12:51:47

Windows XP (X86)

Running From: C:\Documents and Settings\Ray\desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 55%

Total physical RAM: 1015.29 MB

Available physical RAM: 454.21 MB

Total Pagefile: 2442 MB

Available Pagefile: 2006.02 MB

Total Virtual: 2047.88 MB

Available Virtual: 2003.38 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:244.14 GB) (Free:203.4 GB) NTFS

2 Drive d: (Storage) (Fixed) (Total:221.61 GB) (Free:155.83 GB) NTFS

Disk ###  Status   Size    Free  Dyn  Gpt

--------  -------  ------  ----  ---  ---

Disk 0    Online   466 GB  0 B

Partitions of Disk 0:

===============

Partition ###  Type      Size    Offset

-------------  --------  ------  ------

Partition 1    Primary   244 GB  32 KB

Partition 2    Extended  222 GB  244 GB

Partition 3    Logical   222 GB  244 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label  Fs    Type       Size    Status   Info

----------  ---  -----  ----  ---------  ------  -------  ------

* Volume 2  C           NTFS  Partition  244 GB  Healthy  System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No


These steps are for spartan_fan98 only. If you are a casual viewer, do NOT try this on your system!

If you are not spartan_fan98 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do not do any websurfing on this system. Only go to this forum and the sites I guide you to for tools or online scans.

Please follow my guidance

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy & Paste the C:\Combofix.txt log and tell me, how is the system now?

RE-Enable your AntiVirus and AntiSpyware applications.


Okay, installed combo-fix.exe and ran it. Here is the report:

ComboFix 12-08-22.03 - Ray 08/23/2012 13:26:39.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.572 [GMT -4:00]

Running from: c:\documents and settings\Ray\Desktop\Combo-Fix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Ray\System

c:\documents and settings\Ray\System\win_qs8.jqx

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))

.

.

2012-08-23 16:27 . 2012-08-23 16:27 -------- d-----w- c:\program files\ERUNT

2012-08-23 15:11 . 2012-08-23 15:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-23 15:06 . 2012-08-23 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-08-15 13:56 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 16:47 . 2012-08-10 16:47 -------- d-----w- c:\program files\iPod

2012-08-10 16:47 . 2012-08-10 16:48 -------- d-----w- c:\program files\iTunes

2012-08-10 16:47 . 2012-08-10 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-08-10 16:44 . 2012-08-10 16:44 -------- d-----w- c:\program files\Apple Software Update

2012-08-10 16:37 . 2012-08-10 16:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-08-10 16:36 . 2012-08-10 16:36 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-21 09:13 . 2011-04-12 16:43 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2009-05-10 04:37 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2009-05-10 04:37 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2009-05-10 04:37 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-08-21 09:13 . 2009-05-10 04:37 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-08-21 09:13 . 2009-05-10 04:37 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-08-21 09:13 . 2009-05-10 04:37 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-08-21 09:13 . 2009-05-10 04:37 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:12 . 2010-07-06 04:24 41224 ----a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2009-05-10 04:37 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-08-15 05:14 . 2012-07-06 14:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-15 05:14 . 2012-07-06 14:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-11 16:31 . 2009-05-16 06:23 81920 -c--a-w- c:\windows\ALCFDRTM.VER

2012-07-06 13:58 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2009-05-10 03:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2006-02-28 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35 . 2008-10-16 21:07 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2006-02-28 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2009-05-10 03:27 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2009-05-10 03:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2009-05-10 03:27 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2009-05-10 03:27 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2009-05-10 03:27 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2006-02-28 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2009-05-10 03:27 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2009-05-10 03:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2009-05-16 04:40 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2009-05-16 04:40 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2010-12-13 19:53 . 2010-12-13 19:53 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe

2010-12-07 18:48 . 2010-12-07 18:48 288568 -c--a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-07-26 18:39 . 2011-05-04 13:25 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]

2011-03-07 15:50 933 -c--a-w- c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2011-11-12 16:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 21:18 413696 -c--a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"InstallVCOM"=c:\windows\system32\InstallVCOM.exe

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/18/2010 3:46 PM 691696]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/12/2011 12:43 PM 729752]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/10/2009 12:37 AM 355632]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/10/2009 12:37 AM 21256]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/15/2012 9:56 AM 655944]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [1/14/2011 1:35 PM 196912]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/15/2012 9:56 AM 22344]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 10:54 AM 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/6/2012 10:21 AM 250056]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [7/2/2009 8:53 PM 18560]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [4/14/2010 10:36 AM 36608]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2010 10:54 AM 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/21/2012 1:53 PM 113120]

S3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Mp5.sys [12/20/2009 1:04 PM 21120]

S3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\drivers\XE102Sp5.sys [12/20/2009 1:04 PM 18176]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - DMADMIN

*Deregistered* - TrueSight

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 05:14]

.

2012-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-08-23 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-02 09:12]

.

2012-08-23 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-05-24 13:43]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 14:54]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 14:54]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1202660629-725345543-1004Core.job

- c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:24]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1202660629-725345543-1004UA.job

- c:\documents and settings\Ray\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 03:24]

.

2012-08-23 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2012-07-06 02:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.glarysoft.com/?src=iehome

mStart Page = hxxp://isearch.glarysoft.com/?src=iehome

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 64.233.217.5 64.233.217.2

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - ProfilePath - c:\documents and settings\Ray\Application Data\Mozilla\Firefox\Profiles\mg3y7ybz.default\

FF - prefs.js: browser.startup.homepage - about:home

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-58483566.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-23 13:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-08-23 13:41:56

ComboFix-quarantined-files.txt 2012-08-23 17:41

.

Pre-Run: 218,301,607,936 bytes free

Post-Run: 220,416,376,832 bytes free

.

- - End Of File - - 68140897E9D793214FBB3B2A137B0DC5


Very good.

Now, make sure Tea Timer is still off.

Start your Avast, Make sure to do an Update run. Then have it do a scan.

Advise me of result.

NEXT:

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

NEXT:

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste The MBAM scan log.

And, tell me, How is the system now ?


Avast found the following:

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta High Threat: MBR: Alureon-B [Rtk]

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0003.dta High Threat: Win32:Alureon-MJ@mbr [Rtk]

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0004.dta High Threat: Win32:Malware-gen

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0005.dta High Threat: Win32:Rootkit-gen [Rtk]

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0006.dta High Threat: Win32:Rootkit-gen [Rtk]

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0009.dta High Threat: MBR: Alureon-B [Rtk]

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk00001.dta High Threat: Win32: Rootkit-gen [Rtk]

C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta High Threat: Win64: Alureon-B@mbr [Rtk]

I have left Avast on the Scan Results screen because you did not say to let Avast clean those out. I did not want to do anything else before I let you know those results.

Let me know if I should let Avast delete those files.

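Every Avast hit in the post above sits under C:\TDSSKiller_Quarantine\..., the folder that TDSSKiller's quarantine uses (the ComboFix log lists it as created on 2012-08-23, and the mbr0000 subfolder and Alureon names mark these files as stored copies of boot-sector code that TDSSKiller had already pulled off the disk). A second scanner re-detecting quarantined copies is expected and is not the same as finding an infected boot sector still in place; the hits that need action are the ones outside any quarantine store. As an added example, not from the original post and not Avast or TDSSKiller code, here is a parser for detection lines in the pasted format that sorts hits by whether the path lies under a known quarantine root. The TDSSKiller root is the one visible in the log; the ComboFix and Malwarebytes quarantine paths are assumptions about those tools' usual layout, and the third sample line (a made-up driver path) is constructed so that the "live" branch runs.

```python
"""Split antivirus hits into live detections and re-detected quarantine copies.

Added example for this thread; not from the original post and not Avast or
TDSSKiller code. A scanner that walks the disk after another tool has
quarantined something will re-detect the stored copies. Those hits are inert:
the file is a copy in a quarantine store, not the live object. The hits to act
on are the ones outside any quarantine root.
"""
import re
from pathlib import PureWindowsPath

# Quarantine roots. The TDSSKiller folder is the one in the log; the ComboFix
# and MBAM locations are assumptions about those tools' usual layout on XP.
QUARANTINE_ROOTS = [
    r"C:\TDSSKiller_Quarantine",
    r"C:\Qoobox\Quarantine",                                   # ComboFix (assumed)
    r"C:\Documents and Settings\All Users\Application Data"
    r"\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine",    # MBAM on XP (assumed)
]

# Shape of the lines as pasted in the thread: "<path> High Threat: <name>"
LINE_RE = re.compile(r"^(?P<path>.+?)\s+High Threat:\s*(?P<name>.+?)\s*$")

# Constructed sample: two lines from the thread and one that is NOT on the
# page (a made-up driver path) so the 'live' branch is exercised.
SAMPLE_HITS = r"""
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0001.dta High Threat: MBR: Alureon-B [Rtk]
C:\TDSSKiller_Quarantine\23.08.2012_11.10.26\mbr0000\tsk0005.dta High Threat: Win32:Rootkit-gen [Rtk]
C:\WINDOWS\system32\drivers\example-constructed.sys High Threat: Win32:Malware-gen
"""


def parse_hits(text):
    """Yield (path, detection_name) for each line matching the pasted format."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("path"), m.group("name")


def _parts(path):
    # Windows paths are case-insensitive; compare lower-cased components so a
    # differently-cased quarantine path is still recognised.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)


def in_quarantine(path):
    """True if path lies under one of the known quarantine roots."""
    parts = _parts(path)
    return any(parts[:len(_parts(root))] == _parts(root) for root in QUARANTINE_ROOTS)


def triage_hits(text):
    """Return {'inert': [...], 'live': [...]} of (path, name) pairs."""
    inert, live = [], []
    for path, name in parse_hits(text):
        (inert if in_quarantine(path) else live).append((path, name))
    return {"inert": inert, "live": live}


if __name__ == "__main__":
    t = triage_hits(SAMPLE_HITS)
    print(f"{len(t['inert'])} hits are stored quarantine copies (no action needed)")
    for path, name in t["live"]:
        print(f"ACT: {name} at {path}")
```

The component-wise prefix comparison matters: a naive string startswith() would also match a sibling folder such as C:\TDSSKiller_Quarantine_fake, which a malware author could use precisely to hide beside a trusted path. For the hits pasted above the script reports all of them as inert; the practical follow-up is to let the scanner delete the quarantine copies (or delete the folder) once the helper confirms the rootkit is gone, rather than treating the list as a fresh infection.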

This topic is now closed to further replies.