00:26:06 Mike Stout IP-BLOCK 213.163.89.104

00:26:09 Mike Stout IP-BLOCK 213.163.89.104

00:26:15 Mike Stout IP-BLOCK 213.163.89.104

00:50:28 Mike Stout IP-BLOCK 213.163.89.104

00:50:31 Mike Stout IP-BLOCK 213.163.89.104

00:50:36 Mike Stout IP-BLOCK 213.163.89.104

01:20:49 Mike Stout IP-BLOCK 213.163.89.104

01:20:52 Mike Stout IP-BLOCK 213.163.89.104

01:20:58 Mike Stout IP-BLOCK 213.163.89.104

01:27:10 Mike Stout IP-BLOCK 213.163.89.104

01:27:13 Mike Stout IP-BLOCK 213.163.89.104

01:27:19 Mike Stout IP-BLOCK 213.163.89.104

01:33:23 Mike Stout IP-BLOCK 91.212.226.7

01:33:26 Mike Stout IP-BLOCK 91.212.226.7

01:33:32 Mike Stout IP-BLOCK 91.212.226.7

01:41:31 Mike Stout IP-BLOCK 213.163.89.104

01:41:34 Mike Stout IP-BLOCK 213.163.89.104

01:41:40 Mike Stout IP-BLOCK 213.163.89.104

02:04:27 Mike Stout IP-BLOCK 61.61.20.132

02:04:30 Mike Stout IP-BLOCK 61.61.20.132

02:04:36 Mike Stout IP-BLOCK 61.61.20.132

02:14:49 Mike Stout IP-BLOCK 61.61.20.132

02:14:52 Mike Stout IP-BLOCK 61.61.20.132

02:14:58 Mike Stout IP-BLOCK 61.61.20.132

02:15:53 Mike Stout IP-BLOCK 213.163.89.104

02:15:56 Mike Stout IP-BLOCK 213.163.89.104

02:16:02 Mike Stout IP-BLOCK 213.163.89.104

02:25:10 Mike Stout IP-BLOCK 91.212.226.6

02:25:13 Mike Stout IP-BLOCK 91.212.226.6

02:25:19 Mike Stout IP-BLOCK 91.212.226.6

02:30:14 Mike Stout IP-BLOCK 213.163.89.104

02:30:17 Mike Stout IP-BLOCK 213.163.89.104

02:30:23 Mike Stout IP-BLOCK 213.163.89.104

02:35:32 Mike Stout IP-BLOCK 91.212.226.7

02:35:35 Mike Stout IP-BLOCK 91.212.226.7

02:35:41 Mike Stout IP-BLOCK 91.212.226.7

02:44:35 Mike Stout IP-BLOCK 213.163.89.104

02:44:38 Mike Stout IP-BLOCK 213.163.89.104

02:44:44 Mike Stout IP-BLOCK 213.163.89.104

03:01:57 Mike Stout IP-BLOCK 213.163.89.104

03:02:00 Mike Stout IP-BLOCK 213.163.89.104

03:02:06 Mike Stout IP-BLOCK 213.163.89.104

03:33:18 Mike Stout IP-BLOCK 213.163.89.104

03:33:21 Mike Stout IP-BLOCK 213.163.89.104

03:33:27 Mike Stout IP-BLOCK 213.163.89.104

03:33:53 Mike Stout IP-BLOCK 91.212.226.7

03:33:56 Mike Stout IP-BLOCK 91.212.226.7

03:34:02 Mike Stout IP-BLOCK 91.212.226.7

03:59:40 Mike Stout IP-BLOCK 213.163.89.104

03:59:43 Mike Stout IP-BLOCK 213.163.89.104

03:59:49 Mike Stout IP-BLOCK 213.163.89.104

04:04:58 Mike Stout IP-BLOCK 61.61.20.132

04:05:01 Mike Stout IP-BLOCK 61.61.20.132

04:05:07 Mike Stout IP-BLOCK 61.61.20.132

04:15:19 Mike Stout IP-BLOCK 61.61.20.132

04:15:22 Mike Stout IP-BLOCK 61.61.20.132

04:15:28 Mike Stout IP-BLOCK 61.61.20.132

04:25:41 Mike Stout IP-BLOCK 91.212.226.6

04:25:44 Mike Stout IP-BLOCK 91.212.226.6

04:25:50 Mike Stout IP-BLOCK 91.212.226.6

04:30:01 Mike Stout IP-BLOCK 213.163.89.104

04:30:04 Mike Stout IP-BLOCK 213.163.89.104

04:30:10 Mike Stout IP-BLOCK 213.163.89.104

04:36:02 Mike Stout IP-BLOCK 91.212.226.7

04:36:05 Mike Stout IP-BLOCK 91.212.226.7

04:36:11 Mike Stout IP-BLOCK 91.212.226.7

04:36:23 Mike Stout IP-BLOCK 213.163.89.104

04:36:26 Mike Stout IP-BLOCK 213.163.89.104

04:36:32 Mike Stout IP-BLOCK 213.163.89.104

04:45:44 Mike Stout IP-BLOCK 213.163.89.104

04:45:47 Mike Stout IP-BLOCK 213.163.89.104

04:45:53 Mike Stout IP-BLOCK 213.163.89.104

04:58:06 Mike Stout IP-BLOCK 213.163.89.104

04:58:09 Mike Stout IP-BLOCK 213.163.89.104

04:58:15 Mike Stout IP-BLOCK 213.163.89.104

05:08:27 Mike Stout IP-BLOCK 213.163.89.104

05:08:30 Mike Stout IP-BLOCK 213.163.89.104

05:08:36 Mike Stout IP-BLOCK 213.163.89.104

05:19:48 Mike Stout IP-BLOCK 213.163.89.104

05:19:51 Mike Stout IP-BLOCK 213.163.89.104

05:19:57 Mike Stout IP-BLOCK 213.163.89.104

05:34:24 Mike Stout IP-BLOCK 91.212.226.7

05:34:27 Mike Stout IP-BLOCK 91.212.226.7

05:34:33 Mike Stout IP-BLOCK 91.212.226.7

05:44:45 Mike Stout IP-BLOCK 61.61.20.135

05:44:48 Mike Stout IP-BLOCK 61.61.20.135

05:44:54 Mike Stout IP-BLOCK 61.61.20.135

05:46:10 Mike Stout IP-BLOCK 213.163.89.104

05:46:12 Mike Stout IP-BLOCK 213.163.89.104

05:46:18 Mike Stout IP-BLOCK 213.163.89.104

06:02:31 Mike Stout IP-BLOCK 213.163.89.104

06:02:34 Mike Stout IP-BLOCK 213.163.89.104

06:02:40 Mike Stout IP-BLOCK 213.163.89.104

06:05:28 Mike Stout IP-BLOCK 61.61.20.132

06:05:31 Mike Stout IP-BLOCK 61.61.20.132

06:05:37 Mike Stout IP-BLOCK 61.61.20.132

06:15:50 Mike Stout IP-BLOCK 61.61.20.132

06:15:53 Mike Stout IP-BLOCK 61.61.20.132

06:15:59 Mike Stout IP-BLOCK 61.61.20.132

06:26:11 Mike Stout IP-BLOCK 91.212.226.6

06:26:14 Mike Stout IP-BLOCK 91.212.226.6

06:26:20 Mike Stout IP-BLOCK 91.212.226.6

06:36:32 Mike Stout IP-BLOCK 91.212.226.7

06:36:35 Mike Stout IP-BLOCK 91.212.226.7

06:36:41 Mike Stout IP-BLOCK 91.212.226.7

06:36:53 Mike Stout IP-BLOCK 213.163.89.104

06:36:56 Mike Stout IP-BLOCK 213.163.89.104

06:37:02 Mike Stout IP-BLOCK 213.163.89.104

06:52:14 Mike Stout IP-BLOCK 213.163.89.104

06:52:17 Mike Stout IP-BLOCK 213.163.89.104

06:52:23 Mike Stout IP-BLOCK 213.163.89.104

07:22:36 Mike Stout IP-BLOCK 213.163.89.104

07:22:39 Mike Stout IP-BLOCK 213.163.89.104

07:22:45 Mike Stout IP-BLOCK 213.163.89.104

07:34:54 Mike Stout IP-BLOCK 91.212.226.7

07:34:57 Mike Stout IP-BLOCK 91.212.226.7

07:35:03 Mike Stout IP-BLOCK 91.212.226.7

07:41:57 Mike Stout IP-BLOCK 213.163.89.104

07:42:00 Mike Stout IP-BLOCK 213.163.89.104

07:42:06 Mike Stout IP-BLOCK 213.163.89.104

07:43:38 Mike Stout IP-BLOCK 213.163.89.106

07:43:41 Mike Stout IP-BLOCK 213.163.89.106

07:43:47 Mike Stout IP-BLOCK 213.163.89.106

07:44:04 Mike Stout IP-BLOCK 213.163.89.106

07:44:07 Mike Stout IP-BLOCK 213.163.89.106

07:44:13 Mike Stout IP-BLOCK 213.163.89.106

07:44:26 Mike Stout IP-BLOCK 213.163.89.107

07:44:28 Mike Stout IP-BLOCK 213.163.89.107

07:44:34 Mike Stout IP-BLOCK 213.163.89.107

07:44:47 Mike Stout IP-BLOCK 213.163.89.107

07:44:50 Mike Stout IP-BLOCK 213.163.89.107

07:44:56 Mike Stout IP-BLOCK 213.163.89.107

07:45:08 Mike Stout IP-BLOCK 213.163.89.105

07:45:11 Mike Stout IP-BLOCK 213.163.89.105

07:45:15 Mike Stout IP-BLOCK 61.61.20.135

07:45:17 Mike Stout IP-BLOCK 213.163.89.105

07:45:18 Mike Stout IP-BLOCK 61.61.20.135

07:45:24 Mike Stout IP-BLOCK 61.61.20.135

07:54:18 Mike Stout IP-BLOCK 213.163.89.104

07:54:21 Mike Stout IP-BLOCK 213.163.89.104

07:54:27 Mike Stout IP-BLOCK 213.163.89.104

08:05:57 Mike Stout IP-BLOCK 61.61.20.132

08:06:00 Mike Stout IP-BLOCK 61.61.20.132

08:06:06 Mike Stout IP-BLOCK 61.61.20.132

08:08:39 Mike Stout IP-BLOCK 213.163.89.104

08:08:42 Mike Stout IP-BLOCK 213.163.89.104

08:08:48 Mike Stout IP-BLOCK 213.163.89.104

08:16:18 Mike Stout IP-BLOCK 61.61.20.132

08:16:21 Mike Stout IP-BLOCK 61.61.20.132

08:16:27 Mike Stout IP-BLOCK 61.61.20.132

08:26:01 Mike Stout IP-BLOCK 213.163.89.104

08:26:04 Mike Stout IP-BLOCK 213.163.89.104

08:26:10 Mike Stout IP-BLOCK 213.163.89.104

08:26:39 Mike Stout IP-BLOCK 91.212.226.6

08:26:42 Mike Stout IP-BLOCK 91.212.226.6

08:26:48 Mike Stout IP-BLOCK 91.212.226.6

08:36:22 Mike Stout IP-BLOCK 213.163.89.104

08:36:25 Mike Stout IP-BLOCK 213.163.89.104

08:36:31 Mike Stout IP-BLOCK 213.163.89.104

08:37:00 Mike Stout IP-BLOCK 91.212.226.7

08:37:03 Mike Stout IP-BLOCK 91.212.226.7

08:37:09 Mike Stout IP-BLOCK 91.212.226.7

08:55:43 Mike Stout IP-BLOCK 213.163.89.104

08:55:46 Mike Stout IP-BLOCK 213.163.89.104

08:55:52 Mike Stout IP-BLOCK 213.163.89.104

09:28:04 Mike Stout IP-BLOCK 213.163.89.104

09:28:07 Mike Stout IP-BLOCK 213.163.89.104

09:28:13 Mike Stout IP-BLOCK 213.163.89.104

09:35:23 Mike Stout IP-BLOCK 91.212.226.7

09:35:26 Mike Stout IP-BLOCK 91.212.226.7

09:35:32 Mike Stout IP-BLOCK 91.212.226.7

09:45:44 Mike Stout IP-BLOCK 61.61.20.135

09:45:47 Mike Stout IP-BLOCK 61.61.20.135

09:45:53 Mike Stout IP-BLOCK 61.61.20.135

09:50:25 Mike Stout IP-BLOCK 213.163.89.104

09:50:28 Mike Stout IP-BLOCK 213.163.89.104

09:50:34 Mike Stout IP-BLOCK 213.163.89.104

09:58:46 Mike Stout IP-BLOCK 213.163.89.104

09:58:49 Mike Stout IP-BLOCK 213.163.89.104

09:58:55 Mike Stout IP-BLOCK 213.163.89.104

10:06:26 Mike Stout IP-BLOCK 61.61.20.132

10:06:29 Mike Stout IP-BLOCK 61.61.20.132

10:06:35 Mike Stout IP-BLOCK 61.61.20.132

10:16:47 Mike Stout IP-BLOCK 61.61.20.132

10:16:50 Mike Stout IP-BLOCK 61.61.20.132

10:16:56 Mike Stout IP-BLOCK 61.61.20.132

10:25:08 Mike Stout IP-BLOCK 213.163.89.104

10:25:11 Mike Stout IP-BLOCK 213.163.89.104

10:25:17 Mike Stout IP-BLOCK 213.163.89.104

10:27:09 Mike Stout IP-BLOCK 91.212.226.6

10:27:12 Mike Stout IP-BLOCK 91.212.226.6

10:27:18 Mike Stout IP-BLOCK 91.212.226.6

10:37:30 Mike Stout IP-BLOCK 91.212.226.7

10:37:33 Mike Stout IP-BLOCK 91.212.226.7

10:37:39 Mike Stout IP-BLOCK 91.212.226.7

10:54:29 Mike Stout IP-BLOCK 213.163.89.104

10:54:32 Mike Stout IP-BLOCK 213.163.89.104

10:54:38 Mike Stout IP-BLOCK 213.163.89.104

11:14:50 Mike Stout IP-BLOCK 213.163.89.104

11:14:53 Mike Stout IP-BLOCK 213.163.89.104

11:14:59 Mike Stout IP-BLOCK 213.163.89.104

11:30:19 Mike Stout MESSAGE IP Protection stopped

11:30:25 Mike Stout MESSAGE Database updated successfully

11:30:27 Mike Stout MESSAGE IP Protection started successfully

11:34:12 Mike Stout IP-BLOCK 213.163.89.104

11:34:15 Mike Stout IP-BLOCK 213.163.89.104

11:34:21 Mike Stout IP-BLOCK 213.163.89.104

11:35:52 Mike Stout IP-BLOCK 91.212.226.7

11:35:55 Mike Stout IP-BLOCK 91.212.226.7

11:36:01 Mike Stout IP-BLOCK 91.212.226.7

11:46:13 Mike Stout IP-BLOCK 61.61.20.135

11:46:16 Mike Stout IP-BLOCK 61.61.20.135

11:46:22 Mike Stout IP-BLOCK 61.61.20.135

12:29:10 (null) MESSAGE Protection started successfully

12:31:38 Mike Stout MESSAGE IP Protection started successfully

12:31:39 Mike Stout IP-BLOCK 91.212.226.7

12:31:41 Mike Stout IP-BLOCK 91.212.226.7

12:31:47 Mike Stout IP-BLOCK 91.212.226.7

19:22:39 (null) MESSAGE Protection started successfully

19:24:10 Mike Stout MESSAGE IP Protection started successfully

19:24:13 Mike Stout IP-BLOCK 91.212.226.7

19:24:16 Mike Stout IP-BLOCK 91.212.226.7

19:24:22 Mike Stout IP-BLOCK 91.212.226.7

19:29:30 Mike Stout IP-BLOCK 213.163.89.104

19:29:33 Mike Stout IP-BLOCK 213.163.89.104

19:29:39 Mike Stout IP-BLOCK 213.163.89.104

19:29:57 Mike Stout IP-BLOCK 213.163.89.104

19:30:00 Mike Stout IP-BLOCK 213.163.89.104

19:30:06 Mike Stout IP-BLOCK 213.163.89.104

19:38:04 (null) MESSAGE Protection started successfully

19:40:00 Mike Stout MESSAGE IP Protection started successfully

19:40:04 Mike Stout IP-BLOCK 91.212.226.7

19:40:07 Mike Stout IP-BLOCK 91.212.226.7

19:40:13 Mike Stout IP-BLOCK 91.212.226.7

20:01:32 (null) MESSAGE Protection started successfully

20:03:06 Mike Stout MESSAGE IP Protection started successfully

20:03:08 Mike Stout IP-BLOCK 91.212.226.7

20:03:11 Mike Stout IP-BLOCK 91.212.226.7

20:03:17 Mike Stout IP-BLOCK 91.212.226.7

20:08:07 Mike Stout IP-BLOCK 213.163.89.104

20:08:10 Mike Stout IP-BLOCK 213.163.89.104

20:08:16 Mike Stout IP-BLOCK 213.163.89.104

20:09:07 Mike Stout IP-BLOCK 213.163.89.104

20:09:10 Mike Stout IP-BLOCK 213.163.89.104

20:09:16 Mike Stout IP-BLOCK 213.163.89.104

20:27:57 (null) MESSAGE Protection started successfully

20:29:35 Mike Stout MESSAGE IP Protection started successfully

20:29:38 Mike Stout IP-BLOCK 91.212.226.7

20:29:41 Mike Stout IP-BLOCK 91.212.226.7

20:29:47 Mike Stout IP-BLOCK 91.212.226.7

20:34:16 Mike Stout IP-BLOCK 213.163.89.104

20:34:19 Mike Stout IP-BLOCK 213.163.89.104

20:34:25 Mike Stout IP-BLOCK 213.163.89.104

20:35:15 Mike Stout IP-BLOCK 213.163.89.104

20:35:18 Mike Stout IP-BLOCK 213.163.89.104

20:35:24 Mike Stout IP-BLOCK 213.163.89.104

20:39:59 Mike Stout IP-BLOCK 61.61.20.135

20:40:02 Mike Stout IP-BLOCK 61.61.20.135

20:40:08 Mike Stout IP-BLOCK 61.61.20.135

20:47:58 (null) MESSAGE Protection started successfully

20:49:50 Mike Stout MESSAGE IP Protection started successfully

20:49:51 Mike Stout IP-BLOCK 91.212.226.7

20:50:00 Mike Stout IP-BLOCK 91.212.226.7

20:54:29 Mike Stout IP-BLOCK 213.163.89.104

20:54:32 Mike Stout IP-BLOCK 213.163.89.104

20:54:38 Mike Stout IP-BLOCK 213.163.89.104

20:55:29 Mike Stout IP-BLOCK 213.163.89.104

20:55:32 Mike Stout IP-BLOCK 213.163.89.104

20:55:38 Mike Stout IP-BLOCK 213.163.89.104

DDS.txt

Attach.zip

Hello msrods! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.

Step 1

Please, uninstall the following applications:

  1. Adobe Reader 8.1.2

You can read how to do this here:

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. a new fresh DDS log only

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4170

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/5/2010 1:17:20 PM

mbam-log-2010-06-05 (13-17-20).txt

Scan type: Quick scan

Objects scanned: 158986

Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mike Stout at 13:18:28.51 on Sat 06/05/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2175 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

svchost.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\SYSTEM32\3cshtdwn.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\WINDOWS\system32\fpplock.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Mike Stout\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://signin.ebay.com/ws/eBayISAPI.dll?Si...%2Fwww.ebay.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyServer = http=localhost:1103

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AdSubtract Toolbar: {f14aabdd-0232-4e5a-9b52-4178ac0a62b5} - c:\windows\system32\adsubtb.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [3c1807pd] c:\windows\system32\3cmlink.exe runservices \device\3cpipe-3c1807pd

mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe

mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe

mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [iMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Warning: do not remove it!] fpplock.exe

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\mikest~1\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)

mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)

IE: AdSubtract: Bypass Site - c:\program files\intermute\adsubtract\AdSub.exe/360

IE: AdSubtract: Cloak Image - c:\program files\intermute\adsubtract\AdSub.exe/361

IE: AdSubtract: Report Site - c:\program files\intermute\adsubtract\AdSub.exe/359

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: ImTranslator - c:\progra~1\smartl~1\imtran~1\startup.html

IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: turbotax.com

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mikest~1\applic~1\mozilla\firefox\profiles\aplt45el.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.telepc.net/firstbankceleste/bLogin.aspx

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPEltr32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-11-5 128016]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-6-24 486280]

R2 astnscsi;astnscsi;c:\program files\voyetra\audiostation 6\astnscsi.exe [2004-4-30 208464]

R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2004-12-1 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2004-12-1 3904]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-8-17 304464]

R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2008-4-24 98488]

R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [2004-11-9 73296]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-8-17 20952]

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2003-12-29 144768]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2003-12-29 545088]

S2 FPMSNT;FPMSNT;c:\windows\system32\drivers\FPMSNT.SYS [2004-11-9 113812]

S2 gupdate1c9b7fa825cc196;Google Update Service (gupdate1c9b7fa825cc196);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]

S2 mrtRate;mrtRate; [x]

S3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\drivers\PPorts.sys [2009-4-16 81152]

S3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\drivers\SPorts.sys [2009-4-16 115712]

S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]

S4 APPSTREAM;APPSTREAM;\??\c:\windows\system32\drivers\appstream.sys --> c:\windows\system32\drivers\APPSTREAM.SYS [?]

S4 REGHOOK;REGHOOK;\??\c:\windows\system32\drivers\reghook.sys --> c:\windows\system32\drivers\REGHOOK.SYS [?]

S4 VSPD;VSPD;\??\c:\windows\system32\drivers\vspd.sys --> c:\windows\system32\drivers\VSPD.SYS [?]

=============== Created Last 30 ================

2010-06-04 16:49:29 0 ----a-w- c:\documents and settings\mike stout\defogger_reenable

2010-06-03 00:12:44 0 d-s---w- C:\ComboFix

2010-06-02 23:53:18 0 d-----w- c:\program files\Trend Micro

2010-06-02 10:27:55 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-06-02 10:27:55 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-05-31 23:24:46 0 d-sha-r- C:\cmdcons

2010-05-31 23:20:41 0 d-----w- C:\Combo-Fix

==================== Find3M ====================

2010-06-05 14:03:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2003-12-07 03:12:54 121856 --sha-w- c:\windows\system32\fpplock.exe

============= FINISH: 13:20:57.43 ===============

Please download ComboFix from:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it on your desktop and then:

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

SecCenter::
{EDC10449-64D1-46c7-A59A-EC20D662F26D}

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

ComboFix 10-06-03.01 - Mike Stout 06/05/2010 14:59:33.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2409 [GMT -5:00]

Running from: c:\documents and settings\Mike Stout\Desktop\ComboFix.exe

Command switches used :: /unistall

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))

.

2010-06-02 23:53 . 2010-06-02 23:53 -------- d-----w- c:\program files\Trend Micro

2010-06-02 10:28 . 2010-06-02 10:28 503808 ----a-w- c:\documents and settings\Mike Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2afb1a39-n\msvcp71.dll

2010-06-02 10:28 . 2010-06-02 10:28 499712 ----a-w- c:\documents and settings\Mike Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2afb1a39-n\jmc.dll

2010-06-02 10:28 . 2010-06-02 10:28 348160 ----a-w- c:\documents and settings\Mike Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2afb1a39-n\msvcr71.dll

2010-06-02 10:28 . 2010-06-02 10:28 61440 ----a-w- c:\documents and settings\Mike Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-51a0c552-n\decora-sse.dll

2010-06-02 10:28 . 2010-06-02 10:28 12800 ----a-w- c:\documents and settings\Mike Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-51a0c552-n\decora-d3d.dll

2010-06-02 10:28 . 2010-06-02 10:28 -------- d-----w- c:\windows\Sun

2010-06-02 10:28 . 2010-06-02 10:28 -------- d-----w- c:\program files\Common Files\Java

2010-06-02 10:27 . 2010-06-02 10:27 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-02 10:27 . 2010-06-02 10:27 -------- d-----w- c:\program files\Java

2010-05-31 23:20 . 2010-05-31 23:48 -------- d-----w- C:\Combo-Fix

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-05 19:54 . 2005-04-19 19:17 -------- d-----w- c:\documents and settings\Mike Stout\Application Data\MailWasherPro

2010-06-05 18:12 . 2003-12-25 02:18 -------- d-----w- c:\program files\Common Files\Adobe

2010-06-05 14:18 . 2008-07-28 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-05 14:03 . 2008-06-25 00:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-06-05 02:55 . 2006-03-07 01:30 -------- d-----w- c:\program files\Full Tilt Poker

2010-06-05 01:32 . 2010-06-05 01:44 4140032 ----a-w- c:\windows\Internet Logs\xDBF.tmp

2010-06-05 01:32 . 2010-06-05 01:44 2762752 ----a-w- c:\windows\Internet Logs\xDBE.tmp

2010-06-04 12:54 . 2009-09-21 12:34 -------- d-----w- c:\program files\Vuze

2010-06-02 16:36 . 2008-07-12 03:16 -------- d-----w- c:\program files\Hide My IP Address

2010-05-31 22:07 . 2009-08-17 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-29 01:36 . 2005-01-15 00:44 -------- d-----w- c:\program files\PokerStars

2010-05-14 10:53 . 2009-08-17 22:20 -------- d-----w- c:\program files\Defraggler

2010-05-08 03:22 . 2007-05-21 10:52 -------- d-----w- c:\program files\Google

2010-05-07 16:37 . 2008-09-15 17:26 13521306 ----a-w- c:\windows\Internet Logs\tvDebug.zip

2010-05-07 16:13 . 2010-05-07 16:37 4014592 ----a-w- c:\windows\Internet Logs\xDBD.tmp

2010-04-29 20:39 . 2009-08-17 15:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2009-08-17 15:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-15 01:50 . 2009-01-31 02:19 2316 ----a-w- c:\documents and settings\All Users\Application Data\xml6F9.tmp

2010-04-15 01:50 . 2008-04-24 12:29 13718 ----a-w- c:\documents and settings\All Users\Application Data\xml2C.tmp

2010-04-15 01:50 . 2008-04-24 12:29 9036 ----a-w- c:\documents and settings\All Users\Application Data\xml2B.tmp

2010-04-15 01:31 . 2009-09-21 12:38 -------- d-----w- c:\documents and settings\Mike Stout\Application Data\Azureus

2003-12-07 03:12 . 2003-12-07 03:12 121856 --sha-w- c:\windows\system32\fpplock.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"3c1807pd"="c:\windows\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd" [X]

"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2002-04-11 176128]

"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 36864]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]

"nwiz"="nwiz.exe" [2007-10-04 1626112]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]

"Warning: do not remove it!"="fpplock.exe" [2003-12-07 121856]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Mike Stout\Start Menu\Programs\Startup\

MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2008-8-14 18120904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2004-1-3 209016]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-1-16 169472]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Configuration Wizard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Configuration Wizard.lnk

backup=c:\windows\pss\Configuration Wizard.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Controller.LNK]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Controller.LNK

backup=c:\windows\pss\Controller.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk

backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk

backup=c:\windows\pss\QuickBooks Delivery Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk

backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk

backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Stout^Start Menu^Programs^Startup^AdSubtract.lnk]

path=c:\documents and settings\Mike Stout\Start Menu\Programs\Startup\AdSubtract.lnk

backup=c:\windows\pss\AdSubtract.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Stout^Start Menu^Programs^Startup^MailWasherPro.lnk]

path=c:\documents and settings\Mike Stout\Start Menu\Programs\Startup\MailWasherPro.lnk

backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Stout^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]

path=c:\documents and settings\Mike Stout\Start Menu\Programs\Startup\Microsoft Find Fast.lnk

backup=c:\windows\pss\Microsoft Find Fast.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Stout^Start Menu^Programs^Startup^Office Startup.lnk]

path=c:\documents and settings\Mike Stout\Start Menu\Programs\Startup\Office Startup.lnk

backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2007-02-16 23:49 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

2007-02-16 23:57 1945960 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T DSL Service PCA Program]

2002-09-10 20:45 196608 ----a-w- c:\program files\AT&T\ACP\Programs\WnPCA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]

2007-12-13 21:53 20480 ----a-w- c:\ups\WSTD\UPSNA1Msgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 10:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

1997-08-06 05:00 34304 ----a-w- c:\program files\Microsoft Money\System\REMINDER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

2009-12-09 14:36 866200 ----a-w- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2005-01-08 18:03 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2007-02-16 23:45 1169776 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

2009-10-17 07:39 1037192 ----a-w- c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26002:TCP"= 26002:TCP:p stars

"443:TCP"= 443:TCP:pstars 1

"22:TCP"= 22:TCP:pstars3

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundRouterRequest"= 1 (0x1)

"AllowOutboundSourceQuench"= 1 (0x1)

R2 astnscsi;astnscsi;c:\program files\Voyetra\AudioStation 6\astnscsi.exe [4/30/2004 2:29 PM 208464]

R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [12/1/2004 9:51 AM 3744]

R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [12/1/2004 9:51 AM 3904]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2009 10:53 AM 304464]

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [4/24/2008 7:28 AM 98488]

R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [11/9/2004 7:50 PM 73296]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/17/2009 10:53 AM 20952]

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [12/29/2003 10:11 PM 144768]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [12/29/2003 10:11 PM 545088]

S2 FPMSNT;FPMSNT;c:\windows\system32\drivers\FPMSNT.SYS [11/9/2004 7:50 PM 113812]

S2 gupdate1c9b7fa825cc196;Google Update Service (gupdate1c9b7fa825cc196);c:\program files\Google\Update\GoogleUpdate.exe [4/7/2009 10:31 PM 133104]

S2 mrtRate;mrtRate; [x]

S2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]

S3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\drivers\PPorts.sys [4/16/2009 6:09 PM 81152]

S3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\drivers\SPorts.sys [4/16/2009 6:09 PM 115712]

S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]

S4 APPSTREAM;APPSTREAM;\??\c:\windows\System32\Drivers\APPSTREAM.SYS --> c:\windows\System32\Drivers\APPSTREAM.SYS [?]

S4 REGHOOK;REGHOOK;\??\c:\windows\System32\Drivers\REGHOOK.SYS --> c:\windows\System32\Drivers\REGHOOK.SYS [?]

S4 VSPD;VSPD;\??\c:\windows\System32\Drivers\VSPD.SYS --> c:\windows\System32\Drivers\VSPD.SYS [?]

.

Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2010-06-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-28 23:10]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 03:31]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = https://signin.ebay.com/ws/eBayISAPI.dll?Si...%2Fwww.ebay.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyServer = http=localhost:1103

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: AdSubtract: Bypass Site - c:\program files\interMute\AdSubtract\AdSub.exe/360

IE: AdSubtract: Cloak Image - c:\program files\interMute\AdSubtract\AdSub.exe/361

IE: AdSubtract: Report Site - c:\program files\interMute\AdSubtract\AdSub.exe/359

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: ImTranslator - c:\progra~1\SMARTL~1\IMTRAN~1\startup.html

IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\office\1033\phdintl.dll/phdContext.htm

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

Trusted Zone: turbotax.com

FF - ProfilePath - c:\documents and settings\Mike Stout\Application Data\Mozilla\Firefox\Profiles\aplt45el.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.telepc.net/firstbankceleste/bLogin.aspx

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEltr32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-05 15:11

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

"SDImagePath"=multi:"System32\Drivers\fdc.sys\00"

"ImagePath"=multi:"System32\Drivers\fdc.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

"ImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

"KeepImagePath"=multi:"System32\drivers\sdfloppy.sys\00"

"SDImagePath"=multi:"System32\Drivers\Sdfloppy.sys\00"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1614895754-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1214440339-1614895754-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-1214440339-1614895754-839522115-1003)

@Allowed: (Read) (S-1-5-21-1214440339-1614895754-839522115-1003)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)

c:\windows\system32\WININET.dll

c:\windows\system32\relog_ap.dll

c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(1932)

c:\windows\system32\WININET.dll

c:\windows\system32\nvappfilter.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-05 15:17:35

ComboFix-quarantined-files.txt 2010-06-05 20:17

ComboFix2.txt 2010-06-02 23:48

Pre-Run: 73,509,150,720 bytes free

Post-Run: 73,767,350,272 bytes free

- - End Of File - - AEE21CB40A1D1333B66B1845253F0FF2

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted, allow the Add-On/ActiveX to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=258ccd4f992e324282a909e8382231a2

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-06-06 12:25:37

# local_time=2010-06-05 07:25:37 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 160843 160843 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776870 100 77 18226501 19084175 0 0

# scanned=196804

# found=1

# cleaned=1

# scan_time=13896

C:\Program Files\AT&T\ACP\Programs\WnCon.exe probably unknown NewHeur_PE virus (deleted - quarantined) 00000000000000000000000000000000 C

FYI still getting malicious IP Blocks and now being redirected with new windows trying to open sites.

Open Notepad and copy and paste the following into it:

REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26002:TCP"=-
"443:TCP"=-
"22:TCP"=-

Save this as fix.reg. Choose to save as All Files and place it on your desktop. It should look like this: reg.gif

Double-click on it and, when it asks you, click Yes and then the OK button.

Then reboot your computer to apply the changes.

Done, still have malicious website blocks and browser windows opening on their own.

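The fix.reg above deletes three Windows Firewall exceptions by value name. As an added example (not the forum's or the helper's own script), the Python below automates the same check: it parses the GloballyOpenPorts block in the form ComboFix prints it in the log above, flags exceptions whose description is not a Windows resource string (the built-in Remote Desktop entry reads @xpsp2res.dll,-22009, while the three removed here carry plain "pstars" names), and emits a REGEDIT4 file that deletes the flagged values with the same "name"=- syntax. The sample block is copied from the ComboFix log in this thread; the allowlist parameter, the treatment of HKLM\~ as ComboFix shorthand, and the full registry path written into the generated .reg are assumptions of this example.

```python
"""Audit the XP firewall GloballyOpenPorts list from a ComboFix log excerpt and
build a .reg file removing entries that are not Windows resource-string entries.
Added example for this thread; not the helper's script and not a ComboFix feature."""
import re
from typing import Dict, List, Tuple

# Key path as ComboFix prints it (assumption: "HKLM\~" is ComboFix shorthand).
PORTS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List")
# Full path used when writing a real .reg file (supplied by this example, not by the log).
REAL_PORTS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                  r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List")

# Constructed sample: the GloballyOpenPorts and IcmpSettings blocks copied from the
# ComboFix log posted in this thread (blank lines between values as ComboFix prints them).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26002:TCP"= 26002:TCP:p stars

"443:TCP"= 443:TCP:pstars 1

"22:TCP"= 22:TCP:pstars3

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
"""

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')


def parse_open_ports(log_text: str) -> Dict[str, Tuple[int, str, str]]:
    """Return {value_name: (port, protocol, description)} for the GloballyOpenPorts list.

    Only lines inside the GloballyOpenPorts section are considered; other sections
    (IcmpSettings, AuthorizedApplications) are skipped.
    """
    entries: Dict[str, Tuple[int, str, str]] = {}
    in_ports = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = _SECTION.match(line)
        if sec:
            in_ports = sec.group("key").lower() == PORTS_KEY.lower()
            continue
        if not in_ports:
            continue
        val = _VALUE.match(line)
        if not val:
            continue
        # ComboFix prints the value as "<port>:<proto>:<description>"; the description
        # may itself contain colons, so split at most twice.
        parts = val.group("value").split(":", 2)
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        desc = parts[2] if len(parts) == 3 else ""
        entries[val.group("name")] = (int(parts[0]), parts[1].upper(), desc)
    return entries


def suspicious_entries(entries: Dict[str, Tuple[int, str, str]],
                       allow_names: Tuple[str, ...] = ()) -> List[str]:
    """Flag exceptions whose description is not a Windows resource string.

    Windows-created exceptions carry an "@dll,-id" description (e.g. Remote Desktop's
    @xpsp2res.dll,-22009); third-party or hand-planted ones carry free text. This is a
    review heuristic, not proof of malice: allow_names lets a reviewer exempt known
    entries before generating the removal file.
    """
    flagged: List[str] = []
    for name, (_port, _proto, desc) in entries.items():
        if name in allow_names or desc.startswith("@"):
            continue
        flagged.append(name)
    return flagged


def build_removal_reg(names: List[str]) -> str:
    """Emit a REGEDIT4 file deleting the given values ("name"=- is the delete syntax)."""
    lines = ["REGEDIT4", "", f"[{REAL_PORTS_KEY}]"]
    lines += [f'"{n}"=-' for n in names]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for name, (port, proto, desc) in found.items():
        print(f"{name:12} port={port:<6} {proto:4} desc={desc!r}")
    to_remove = suspicious_entries(found)
    print("\nflagged:", to_remove)
    print("\n" + build_removal_reg(to_remove))
```

Run against the sample it flags 26002:TCP, 443:TCP and 22:TCP and leaves 3389:TCP alone, which matches the three values the helper's fix.reg deletes; on a real log, review the flagged names (a poker client may legitimately register a port) and pass any you want to keep through allow_names before writing the file.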
Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
  • Choose the Scanning tab; I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).
  • On the File types tab ensure you select All files.
  • Click on the Actions tab and set the following:
    • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages: Archive = Move, E-mails = Report, Containers = Move
    • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension; the default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave Prompt on Action checked
  • On the Log file tab leave Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB, and leave the check mark on Maximum log file size.
  • On the General tab leave the Scan Priority on High.
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr.Web Anti-Virus logo you will see 3 little buttons. Click the left VCR-style Start button.
  • In this mode it will scan boot sectors of all disks, all removable media, and all local drives.
  • The more files and folders you have, the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured (in this case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your Desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply, with a new HijackThis log.

    drweb.jpg

Link to post
Share on other sites


Logfile of HijackThis v1.99.1

Scan saved at 4:33:27 PM, on 6/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\SYSTEM32\3cshtdwn.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\fpplock.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.com/ws/eBayISAPI.dll?Si...%2Fwww.ebay.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1103

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll

O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360

O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361

O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://c:\PROGRA~1\MICROS~2\office\1033\phdintl.dll/phdContext.htm

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)

O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: astnscsi - Voyetra Turtle Beach, Inc. - C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: Google Update Service (gupdate1c9b7fa825cc196) (gupdate1c9b7fa825cc196) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\Voyetra\AUDIOS~1\x10nets.exe

Had to zip Dr Web to get it to upload.

DrWeb.zip


Please uninstall your HiJackThis. Then:

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:52:13 AM, on 6/7/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\SYSTEM32\3cshtdwn.exe

C:\WINDOWS\SYSTEM32\3cmlink.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\fpplock.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\sol.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.com/ws/eBayISAPI.dll?Si...%2Fwww.ebay.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1103

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll

O4 - HKLM\..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Warning: do not remove it!] fpplock.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360

O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361

O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://c:\PROGRA~1\MICROS~2\office\1033\phdintl.dll/phdContext.htm

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)

O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: astnscsi - Voyetra Turtle Beach, Inc. - C:\Program Files\Voyetra\AudioStation 6\astnscsi.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Update Service (gupdate1c9b7fa825cc196) (gupdate1c9b7fa825cc196) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\Voyetra\AUDIOS~1\x10nets.exe

O24 - Desktop Component 0: (no name) - http://my.att.net/cobrand/bellsouth/img/icons/usrCPicon.png

O24 - Desktop Component 1: (no name) - http://img.worldcarfans.com/US/2008/1/7/90....008.Mini2L.jpg

O24 - Desktop Component 2: (no name) - http://www.f1fanatic.co.uk/wp-content/uplo...8_launch_11.jpg

--

End of file - 12291 bytes


1. Please uninstall the following application: NVIDIA ForceWare Network Access Manager

2. Please open HijackThis and select Do a system scan only.

Check the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1103

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then, close all open windows except that of HijackThis, and select Fix Checked.

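As an added example (not from this thread and not part of HijackThis), a small Python triage script that encodes the two checks the helper's post above applies to the log: an HKCU ProxyServer entry that points back at the local machine, and O2 BHO entries whose CLSID resolves to no file. The sample lines are copied from the log posted in this thread; the allow-list of known local proxy ports is an assumption for machines that legitimately run a loopback proxy.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus one benign BHO entry from the same log for contrast.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1103",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
]

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# Hosts that mean "this machine": a proxy here routes every browser request through
# a local port on the machine itself; the helper's post above has the user remove it.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "R1" or "O2"
    reason: str    # why the line was flagged
    line: str      # the original log line


def proxy_targets(value: str) -> List[Tuple[str, str, str]]:
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Accepts both the per-protocol form "http=localhost:1103;https=h:8080"
    and the single-proxy form "host:port"; a missing port comes back as "".
    """
    targets = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all protocols
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:                      # no port given
            host, port = hostport, ""
        targets.append((scheme.lower(), host.strip("[]").lower(), port))
    return targets


def triage(lines: Iterable[str], expected_local_ports: Iterable[str] = ()) -> List[Finding]:
    """Apply the two checks from the helper's post to HijackThis-style lines.

    expected_local_ports (an assumption, empty by default) lists loopback proxy
    ports that are known-good on this machine: local ad filters and AV web shields
    also install loopback proxies, so only an unexplained one is reported.
    """
    ok_ports = set(expected_local_ports)
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        # Check 1: R1 ProxyServer pointing at the local machine.
        pm = PROXY_RE.search(body)
        if pm:
            for scheme, host, port in proxy_targets(pm.group("value")):
                if host in LOCAL_HOSTS and port not in ok_ports:
                    findings.append(Finding(
                        section, f"{scheme} proxy points at local port {port or '(default)'}", line))

        # Check 2: O2 BHO whose CLSID no longer maps to a file on disk.
        bm = BHO_RE.match(body)
        if bm and bm.group("path").strip() == "(no file)":
            findings.append(Finding(section, f"BHO {bm.group('clsid')} has no backing file", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```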


So far so good. Thank you.


I may have spoken too soon; I just got redirected and have had 4 blocks in the last 10 minutes.

Getting this again: "Successfully Blocked Access To A Potentially Malicious Website"

61.61.20.132

Also 213.163.89.104 and 91.212.226.6, and redirects in Firefox.


Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


Here is the file:

09:56:36:142 2044 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
09:56:36:142 2044 ================================================================================
09:56:36:142 2044 SystemInfo:
09:56:36:142 2044 OS Version: 5.1.2600 ServicePack: 3.0
09:56:36:142 2044 Product type: Workstation
09:56:36:142 2044 ComputerName: MSR
09:56:36:142 2044 UserName: Mike Stout
09:56:36:142 2044 Windows directory: C:\WINDOWS
09:56:36:142 2044 Processor architecture: Intel x86
09:56:36:142 2044 Number of processors: 2
09:56:36:142 2044 Page size: 0x1000
09:56:36:142 2044 Boot type: Normal boot
09:56:36:142 2044 ================================================================================
09:56:39:345 2044 Initialize success
09:56:39:345 2044
09:56:39:345 2044 Scanning Services ...
09:56:39:408 2044 Raw services enum returned 383 services
09:56:39:408 2044
09:56:39:408 2044 Scanning Drivers ...
09:56:40:189 2044 3c1807pd (20598faa1765af9495760c368b7156f0) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
09:56:40:314 2044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:56:40:361 2044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:56:40:392 2044 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:56:40:439 2044 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
09:56:40:502 2044 AFS2K (bc812c77f8a24370fd0512f0ff4967f8) C:\WINDOWS\system32\drivers\AFS2K.sys
09:56:40:580 2044 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
09:56:40:627 2044 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:56:40:642 2044 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:56:40:674 2044 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:56:40:720 2044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:56:40:752 2044 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
09:56:40:845 2044 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
09:56:40:892 2044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:56:41:033 2044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:56:41:095 2044 CdaC15BA (69419792390122eefd84e598d896715b) C:\WINDOWS\System32\drivers\CdaC15BA.SYS
09:56:41:189 2044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:56:41:220 2044 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:56:41:236 2044 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:56:41:252 2044 Compbatt (f2f536fd6eadd65f4311a1bb9157f964) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:56:41:252 2044 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: f2f536fd6eadd65f4311a1bb9157f964, Fake md5: 6e4c9f21f0fae8940661144f41b13203
09:56:41:252 2044 File "C:\WINDOWS\system32\DRIVERS\compbatt.sys" infected by TDSS rootkit ... 09:56:41:455 2044 Backup copy found, using it..
09:56:41:470 2044 will be cured on next reboot
09:56:41:502 2044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:56:41:549 2044 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:56:41:595 2044 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
09:56:41:642 2044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:56:41:674 2044 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:56:41:689 2044 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:56:41:705 2044 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:56:41:720 2044 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\Drivers\fdc.sys
09:56:41:736 2044 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:56:41:783 2044 Flpydisk (badedbf182e560fa9a179b0f5f552958) C:\WINDOWS\system32\Drivers\Sdfloppy.sys
09:56:41:830 2044 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:56:41:861 2044 FPMSNT (b8842541c0ec22aa64148046f65a3e39) C:\WINDOWS\system32\drivers\FPMSNT.sys
09:56:41:877 2044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:56:41:877 2044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:56:41:908 2044 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:56:41:955 2044 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:56:41:970 2044 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
09:56:42:017 2044 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:56:42:049 2044 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
09:56:42:064 2044 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:56:42:127 2044 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:56:42:158 2044 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:56:42:174 2044 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:56:42:330 2044 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:56:42:345 2044 IPFilter (9ea02e03ed52d25551a6e46cf3b94b01) C:\WINDOWS\system32\DRIVERS\IPFilter.sys
09:56:42:377 2044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:56:42:424 2044 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:56:42:455 2044 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:56:42:517 2044 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:56:42:549 2044 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:56:42:564 2044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:56:42:595 2044 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
09:56:42:595 2044 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:56:42:627 2044 kl1 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\kl1.sys
09:56:42:658 2044 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
09:56:42:689 2044 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:56:42:736 2044 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:56:42:892 2044 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
09:56:42:924 2044 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
09:56:42:939 2044 Memctl (6dc926c53624755b07cfe254f3845afa) C:\Program Files\U-ABIT\FlashMenu\Memctl.sys
09:56:42:986 2044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:56:43:002 2044 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:56:43:002 2044 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:56:43:095 2044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:56:43:111 2044 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:56:43:142 2044 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:56:43:189 2044 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:56:43:205 2044 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:56:43:236 2044 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:56:43:252 2044 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:56:43:299 2044 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:56:43:345 2044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:56:43:377 2044 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:56:43:408 2044 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:56:43:455 2044 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:56:43:486 2044 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:56:43:486 2044 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:56:43:517 2044 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:56:43:533 2044 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:56:43:564 2044 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:56:43:580 2044 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:56:43:595 2044 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:56:43:642 2044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:56:43:845 2044 nv (c190757a29a9bc0199032f353dd2557a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:56:44:049 2044 nvata (b7fb72492b753930ec70a0f49d04f12f) C:\WINDOWS\system32\DRIVERS\nvata.sys
09:56:44:080 2044 NVENET (c8400ca70bf8a30156487bf887886432) C:\WINDOWS\system32\DRIVERS\NVENET.sys
09:56:44:174 2044 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:56:44:189 2044 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:56:44:236 2044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:56:44:267 2044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:56:44:299 2044 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:56:44:314 2044 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:56:44:345 2044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:56:44:361 2044 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:56:44:377 2044 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:56:44:392 2044 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:56:44:502 2044 PPorts (1584b6d53116049a726a5c0f63d5dcf7) C:\WINDOWS\system32\DRIVERS\PPorts.sys
09:56:44:549 2044 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:56:44:595 2044 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
09:56:44:611 2044 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:56:44:627 2044 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:56:44:658 2044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:56:44:658 2044 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:56:44:720 2044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:56:44:752 2044 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:56:44:783 2044 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:56:44:783 2044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:56:44:845 2044 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:56:44:892 2044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:56:44:908 2044 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:56:44:939 2044 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:56:44:970 2044 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:56:45:017 2044 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:56:45:142 2044 SANDRA (a4d65b2568f09ed2597bdb1f145153d7) C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys
09:56:45:252 2044 Sdselect (7c4b01e60c2fd76ed7bc408b87d226c3) C:\WINDOWS\system32\drivers\Sdselect.sys
09:56:45:314 2044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:56:45:361 2044 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:56:45:424 2044 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:56:45:439 2044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:56:45:517 2044 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
09:56:45:549 2044 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
09:56:45:611 2044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:56:45:689 2044 SPorts (bc8b5bc7c59d5a60db72a95aae43b350) C:\WINDOWS\system32\DRIVERS\SPorts.sys
09:56:45:705 2044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:56:45:799 2044 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
09:56:45:861 2044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:56:45:908 2044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:56:46:002 2044 SymEvent (4091b529b88c16cdafdd50cb623f8365) C:\Program Files\Symantec\SYMEVENT.SYS
09:56:46:049 2044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:56:46:111 2044 tbcspud (b45259cc19ea0a5b8a407923e03df96c) C:\WINDOWS\system32\drivers\tbcspud.sys
09:56:46:174 2044 tbcwdm (c7480d4478fa45bc83753e3e0b09cb58) C:\WINDOWS\system32\drivers\tbcwdm.sys
09:56:46:267 2044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:56:46:314 2044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:56:46:330 2044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:56:46:345 2044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:56:46:377 2044 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
09:56:46:424 2044 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
09:56:46:502 2044 TSP (a11c971434468fa05815eec8228d63fd) C:\WINDOWS\system32\drivers\klif.sys
09:56:46:580 2044 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
09:56:46:627 2044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:56:46:705 2044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:56:46:752 2044 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:56:46:830 2044 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:56:46:845 2044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:56:46:861 2044 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:56:46:892 2044 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:56:46:924 2044 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:56:46:970 2044 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:56:47:002 2044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:56:47:017 2044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:56:47:080 2044 vsdatant (1045d05bbd5170565927d7653346c961) C:\WINDOWS\system32\vsdatant.sys
09:56:47:111 2044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:56:47:142 2044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:56:47:252 2044 WINFLASH (fd5b87cd55134bf3545116dbbd45be88) C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys
09:56:47:283 2044 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:56:47:314 2044 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:56:47:345 2044 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:56:47:377 2044 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:56:47:392 2044 Reboot required for cure complete..
09:56:47:408 2044 Cure on reboot scheduled successfully
09:56:47:408 2044
09:56:47:408 2044 Completed
09:56:47:408 2044
09:56:47:408 2044 Results:
09:56:47:408 2044 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:56:47:408 2044 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:56:47:408 2044
09:56:47:424 2044 KLMD(ARK) unloaded successfully

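Added example (not part of this thread, and not Kaspersky's code): a Python parser and triage helper for a TDSSKiller 2.x log of the kind posted above. What an analyst reads out of such a log is the list of scanned drivers with their MD5s, the "Suspicious file (Forged)" line that carries two hashes for one path, the "File ... infected by TDSS rootkit" line that follows it, the cure-on-reboot lines and the Results block. "Forged" means TDSSKiller got different bytes for the same driver file depending on how it read it; the disagreement between the two hashes is the detection, not either hash value on its own. The script cross-checks that every forged driver also appears in the scan list under the same hash, has a cure scheduled, and is counted in Results, so a truncated or hand-edited log stands out. SAMPLE_LOG is constructed from lines shown in the thread; Report, parse_log and triage are my own names.

```python
"""Parse a TDSSKiller 2.x log and triage it.

Added example: not part of the forum thread and not Kaspersky's code.
SAMPLE_LOG is constructed from lines posted in the thread; the field and
function names are my own. Each log line is "HH:MM:SS:mmm <pid> <message>".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+) ?(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")  # "<service> (<md5>) <path>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
# TDSSKiller prints "Backup copy found" on the same line, so match only the prefix.
INFECTED_RE = re.compile(r'^File "(.+?)" infected by TDSS rootkit')
RESULT_RE = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$"
)

# Constructed sample: a subset of the log lines from the thread, same format.
SAMPLE_LOG = r"""
09:56:36:142 2044 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
09:56:36:142 2044 OS Version: 5.1.2600 ServicePack: 3.0
09:56:39:408 2044 Scanning Drivers ...
09:56:40:314 2044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:56:41:252 2044 Compbatt (f2f536fd6eadd65f4311a1bb9157f964) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:56:41:252 2044 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: f2f536fd6eadd65f4311a1bb9157f964, Fake md5: 6e4c9f21f0fae8940661144f41b13203
09:56:41:252 2044 File "C:\WINDOWS\system32\DRIVERS\compbatt.sys" infected by TDSS rootkit ... 09:56:41:455 2044 Backup copy found, using it..
09:56:41:470 2044 will be cured on next reboot
09:56:41:502 2044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:56:47:392 2044 Reboot required for cure complete..
09:56:47:408 2044 Results:
09:56:47:408 2044 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:56:47:408 2044 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:56:47:424 2044 KLMD(ARK) unloaded successfully
"""


@dataclass
class Report:
    tool_version: Optional[str] = None
    os_version: Optional[str] = None
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # lower(path) -> (service, md5)
    forged: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, real md5, fake md5)
    infected: List[str] = field(default_factory=list)  # paths with a cure line
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)  # "file"/"registry"
    reboot_required: bool = False


def parse_log(text: str) -> Report:
    """Walk the log once and collect the lines an analyst acts on."""
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if msg.startswith("TDSS rootkit removing tool "):
            rep.tool_version = msg.split()[4]
        elif msg.startswith("OS Version: "):
            rep.os_version = msg[len("OS Version: "):]
        elif (d := DRIVER_RE.match(msg)):
            service, md5, path = d.groups()
            rep.drivers[path.lower()] = (service, md5)
        elif (f := FORGED_RE.match(msg)):
            rep.forged.append(f.groups())
        elif (i := INFECTED_RE.match(msg)):
            rep.infected.append(i.group(1))
        elif (r := RESULT_RE.match(msg)):
            kind, inf, cured, on_reboot = r.groups()
            rep.results[kind.lower()] = (int(inf), int(cured), int(on_reboot))
        elif msg.startswith("Reboot required"):
            rep.reboot_required = True
    return rep


def triage(rep: Report) -> Dict[str, object]:
    """Cross-check the per-file lines against the Results block.

    A forged path missing from the scan list, a forged file with no cure
    line, or counts that do not add up means the log was cut or edited
    before it reached you, or the run did not finish."""
    file_inf, file_cured, file_reboot = rep.results.get("file", (0, 0, 0))
    findings = []
    for path, real_md5, fake_md5 in rep.forged:
        service, listed_md5 = rep.drivers.get(path.lower(), ("?", None))
        findings.append({
            "service": service,
            "path": path,
            "real_md5": real_md5,
            "fake_md5": fake_md5,
            "listed_md5_matches_real": listed_md5 == real_md5,
            "cure_scheduled": path in rep.infected and rep.reboot_required,
        })
    return {
        "tool_version": rep.tool_version,
        "os_version": rep.os_version,
        "drivers_scanned": len(rep.drivers),
        "findings": findings,
        "counts_consistent": file_inf == len(rep.infected) and file_cured + file_reboot == file_inf,
        "reboot_required": rep.reboot_required,
    }


if __name__ == "__main__":
    summary = triage(parse_log(SAMPLE_LOG))
    for fnd in summary["findings"]:
        print(f"{fnd['service']}: {fnd['path']} real={fnd['real_md5']} "
              f"fake={fnd['fake_md5']} cure_scheduled={fnd['cure_scheduled']}")
    print("counts consistent:", summary["counts_consistent"],
          "reboot required:", summary["reboot_required"])
```

On a real machine feed it the file the instructions above produce, parse_log(open(r"C:\TDSSKiller.txt").read()). The reason for the consistency checks: "cured on reboot: 1" is a promise, not a result. The reboot has to happen, and the state worth trusting is a second TDSSKiller run afterwards whose Results block reports zero infected file objects and no Forged line for the same path.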