Jump to content

Recommended Posts

The computer is presuably infected with a Trojan.Win32.FraudPack.gtv (according to Kaspersky AV. infected file siszpe32.exe). After installation of Antimalware byte the program found 2 infected objects and removed them. However the problem remains and now AntiMalware stops running at HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer. No scan files is thus created.

Running RootkitBuster found hidden objects at Windows\Temp\cch~4a8xxxx.htp, but these files could not be removed.

Any suggestions?

Torben

Link to post
Share on other sites

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:

    [*]Save it to your desktop.

    [*]Double click on the otlDesktopIcon.png icon on your desktop.

    [*]Click the "Scan All Users" checkbox.

    [*]Push the runscanbutton.png button.

    [*]Two reports will open, copy and paste them in a reply here:

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Link to post
Share on other sites

Hej Elise- thank you so much for your reply.

I divide the results in 3 as the post otherwise is too long for the system :-)

OTL logfile created on: 15-06-2010 16:09:10 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bruger\Skrivebord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

767,00 Mb Total Physical Memory | 472,00 Mb Available Physical Memory | 62,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer

Drive C: | 74,52 Gb Total Space | 59,70 Gb Free Space | 80,11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 488,48 Mb Total Space | 255,33 Mb Free Space | 52,27% Space Free | Partition Type: FAT

Computer Name: MIN-7SX4R0IRLS0

Current User Name: bruger

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-15 15:59:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruger\Skrivebord\OTL.exe

PRC - [2009-03-12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Programmer\SPAMfighter\sfus.exe

PRC - [2008-06-10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008-06-10 04:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Java\jre1.6.0_07\bin\jucheck.exe

PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-11 23:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2007-06-28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

========== Modules (SafeList) ==========

MOD - [2010-06-15 15:59:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruger\Skrivebord\OTL.exe

MOD - [2008-04-14 18:04:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007-06-28 12:51:50 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-03-12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Programmer\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)

SRV - [2007-06-28 12:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)

SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2009-02-04 20:07:26 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)

DRV - [2008-11-19 10:55:32 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2008-04-14 18:06:30 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDPWD.sys.bak -- (RDPWD)

DRV - [2008-04-14 18:06:29 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDTCP.sys.bak -- (TDTCP)

DRV - [2008-04-14 18:06:29 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDPIPE.sys.bak -- (TDPIPE)

DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008-04-13 19:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2007-04-04 14:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2004-08-04 07:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-driver til Realtek RTL8139(A/B/C)

DRV - [2003-07-28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2002-11-18 09:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001-10-09 14:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdaudio.sys.bak -- (Cdaudio)

DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2001-10-09 14:00:00 | 000,000,723 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\F

Link to post
Share on other sites

#2

OTL Extras logfile created on: 15-06-2010 16:09:10 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bruger\Skrivebord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

767,00 Mb Total Physical Memory | 472,00 Mb Available Physical Memory | 62,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer

Drive C: | 74,52 Gb Total Space | 59,70 Gb Free Space | 80,11% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 488,48 Mb Total Space | 255,33 Mb Free Space | 52,27% Space Free | Partition Type: FAT

Computer Name: MIN-7SX4R0IRLS0

Current User Name: bruger

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programmer\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programmer\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" %*

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programmer\Danware Data\NetOp Remote Control\Guest\ngstw32.exe" = C:\Programmer\Danware Data\NetOp Remote Control\Guest\ngstw32.exe:*:Enabled:NetOp Guest -- (Danware Data A/S)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programmer\HP\Digital Imaging\bin\hposid01.exe" = C:\Programmer\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programmer\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programmer\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programmer\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programmer\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programmer\Danware Data\NetOp Remote Control\Guest\ngstw32.exe" = C:\Programmer\Danware Data\NetOp Remote Control\Guest\ngstw32.exe:*:Enabled:NetOp Guest -- (Danware Data A/S)

"F:\ngstw32.exe" = F:\ngstw32.exe:*:Enabled:NetOp 32 Guest Application. -- File not found

"C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" = C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Disabled:Kaspersky Anti-Virus -- (Kaspersky Lab)

"J:\ngstw32.exe" = J:\ngstw32.exe:*:Disabled:NetOp 32 Guest Application. -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0000003C-0B6D-11DD-9910-0417A1A01290}" = NetOp Remote Control Guest

"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300

"{16C9924C-C42A-4790-BD18-27BDCA4B23C1}" = SPAMfighter

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{2729C4B5-822B-43BB-9645-3E2C23F88489}" = Windows Presentation Foundation Language Pack (DAN)

"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C97C6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Kaspersky Anti-Virus 7.0

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{8B08E38A-73EF-4A3D-B166-EB8B7D98E0BA}" = Microsoft .NET Framework 3.0 Danish Language Pack

"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur

"{911B0406-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{973F8409-F8DA-4A40-ACB4-12B02F3399D7}" = Microsoft .NET Framework 1.1 Danish Language Pack

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC2B4C90-9F15-4B52-8FC1-0861725D588D}" = Windows Communication Foundation Language Pack - DAN

"{AC76BA86-7AD7-1030-7B44-A81200000003}" = Adobe Reader 8.1.2 - Dansk

"{AD91693E-78BA-48BF-81E5-6BE98FD09E1F}" = Windows Workflow Foundation DA Language Pack

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C06CE867-0019-4BDD-88C3-CD96F79FCDC7}" = Cortona3D Viewer

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help

"{F11806F4-0CF2-4CA6-AD7A-8E96F059B824}" = Microsoft .NET Framework 2.0 Language Pack - DAN

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"CCleaner" = CCleaner

"Digital Signatur" = Digital Signatur

"DXTXTRA" = Microsoft DirectX Transform optional components

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallWIX_{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}" = Kaspersky Anti-Virus 7.0

"iPhoto Plus 4" = iPhoto Plus 4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DAN" = Microsoft .NET Framework 2.0 Language Pack - DAN

"Microsoft .NET Framework 3.0 Danish Language Pack" = Dansk sprogpakke til Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"PCI Audio Applications" = PCI Audio Applications

"PCI Audio Driver" = PCI Audio Driver

"SPAMfighter" = SPAMfighter

"VLC media player" = VLC media player 1.0.5

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 18-07-2009 13:44:48 | Computer Name = MIN-7SX4R0IRLS0 | Source = crypt32 | ID = 131080

Description = Automatisk opdateringshentning af sekvensnummer for tredjepartsrodliste

mislykkedes fra <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

med fejlen Handlingen returnerede fordi timeout-perioden udl

Link to post
Share on other sites

Hello again, lets see if we can do a bit of cleanup here :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

Hello again,

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy paste the following bolded text in the run box
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it finished press any key to continue.
  • If needed reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

Link to post
Share on other sites

09:46:47:883 0612 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

09:46:47:883 0612 ================================================================================

09:46:47:883 0612 SystemInfo:

09:46:47:883 0612 OS Version: 5.1.2600 ServicePack: 3.0

09:46:47:883 0612 Product type: Workstation

09:46:47:883 0612 ComputerName: MIN-7SX4R0IRLS0

09:46:47:883 0612 UserName: bruger

09:46:47:883 0612 Windows directory: C:\WINDOWS

09:46:47:883 0612 Processor architecture: Intel x86

09:46:47:883 0612 Number of processors: 1

09:46:47:883 0612 Page size: 0x1000

09:46:47:883 0612 Boot type: Normal boot

09:46:47:883 0612 ================================================================================

09:46:48:164 0612 Initialize success

09:46:48:164 0612

09:46:48:164 0612 Scanning Services ...

09:46:48:664 0612 Raw services enum returned 294 services

09:46:48:664 0612 Suspicious serv Sfloppy (h: 0, b: 1)

09:46:48:664 0612

09:46:48:664 0612 Hidden service detected!

09:46:48:664 0612 Service name: Sfloppy

09:46:48:664 0612 Image path:

09:46:48:664 0612 Type "delete" (without quotes) to delete it: 09:46:58:946 0612

09:46:58:946 0612 By user detect Sfloppy

09:46:58:946 0612 RegNode HKLM\SYSTEM\ControlSet001\services\Sfloppy infected by TDSS rootkit ... 09:46:58:946 0612 will be deleted on reboot

09:46:58:946 0612 RegNode HKLM\SYSTEM\ControlSet002\services\Sfloppy infected by TDSS rootkit ... 09:46:58:946 0612 will be deleted on reboot

09:46:58:946 0612 File C:\WINDOWS\system32\drivers\Sfloppy.sys infected by TDSS rootkit ... 09:46:58:946 0612 will be deleted on reboot

09:46:58:946 0612

09:46:58:946 0612 Scanning Drivers ...

09:46:59:946 0612 ACPI (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:47:00:071 0612 ACPIEC (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\drivers\ACPIEC.sys

09:47:00:227 0612 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

09:47:00:758 0612 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

09:47:00:946 0612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:47:01:086 0612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:47:01:180 0612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:47:01:305 0612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:47:01:461 0612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:47:01:727 0612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:47:01:852 0612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:47:02:071 0612 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys

09:47:02:539 0612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:47:02:711 0612 dmboot (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys

09:47:02:977 0612 dmio (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys

09:47:03:118 0612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:47:03:258 0612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:47:03:414 0612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:47:03:555 0612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

09:47:03:664 0612 Fips (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys

09:47:03:789 0612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

09:47:03:977 0612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:47:04:102 0612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:47:04:211 0612 Ftdisk (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:47:04:352 0612 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

09:47:04:461 0612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:47:04:664 0612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:47:04:789 0612 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

09:47:04:930 0612 i8042prt (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:47:05:055 0612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys

09:47:05:227 0612 intelppm (d1cd31b6cd4a99f3b82aec84cfdd4cba) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:47:05:352 0612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:47:05:477 0612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:47:05:602 0612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:47:05:727 0612 isapnp (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:47:05:852 0612 Kbdclass (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:47:05:977 0612 kl1 (45056287cdd70803bad130bf71fe6890) C:\WINDOWS\system32\drivers\kl1.sys

09:47:06:102 0612 klif (ab2739a1456710bd224abb9e2f519af9) C:\WINDOWS\system32\drivers\klif.sys

09:47:06:227 0612 klim5 (967e2224217431b21f1d04fbb4c68a4b) C:\WINDOWS\system32\DRIVERS\klim5.sys

09:47:06:336 0612 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

09:47:06:446 0612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:47:06:555 0612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:47:06:696 0612 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys

09:47:06:821 0612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:47:06:930 0612 Modem (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys

09:47:07:071 0612 Mouclass (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:47:07:196 0612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:47:07:336 0612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:47:07:493 0612 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:47:07:743 0612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:47:07:868 0612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:47:07:977 0612 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

09:47:08:118 0612 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

09:47:08:243 0612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:47:08:368 0612 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:47:08:493 0612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:47:08:618 0612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:47:08:789 0612 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

09:47:08:914 0612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:47:09:008 0612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:47:09:180 0612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

09:47:09:305 0612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:47:09:446 0612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:47:09:664 0612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:47:09:852 0612 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

09:47:10:086 0612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:47:10:227 0612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:47:10:352 0612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

09:47:10:477 0612 Parport (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\DRIVERS\parport.sys

09:47:10:555 0612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:47:10:618 0612 ParVdm (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys

09:47:10:696 0612 PCI (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys

09:47:10:836 0612 PCIIde (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:47:10:961 0612 Pcmcia (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\drivers\Pcmcia.sys

09:47:11:274 0612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:47:11:399 0612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:47:11:508 0612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:47:11:743 0612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:47:11:899 0612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:47:12:024 0612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:47:12:149 0612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:47:12:227 0612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:47:12:352 0612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:47:12:493 0612 redbook (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:47:12:618 0612 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

09:47:12:743 0612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

09:47:12:868 0612 Serial (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\DRIVERS\serial.sys

09:47:13:024 0612 Sfloppy (19c8fb7ae0c7f10453aafda8debae559) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:47:13:024 0612 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\Sfloppy.sys. md5: 19c8fb7ae0c7f10453aafda8debae559

09:47:13:196 0612 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

09:47:13:352 0612 sr (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys

09:47:13:493 0612 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

09:47:13:680 0612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:47:14:149 0612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:47:14:321 0612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:47:14:539 0612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:47:14:633 0612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:47:14:758 0612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:47:14:977 0612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:47:15:102 0612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:47:15:227 0612 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

09:47:15:336 0612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:47:15:461 0612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:47:15:586 0612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:47:15:774 0612 VolSnap (69d9e1de5f897580f8b1d1957528b0b2) C:\WINDOWS\system32\drivers\VolSnap.sys

09:47:15:883 0612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:47:16:039 0612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:47:16:180 0612 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

09:47:16:305 0612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

09:47:16:305 0612 Reboot required for cure complete..

09:47:16:711 0612 Cure on reboot scheduled successfully

09:47:16:711 0612

09:47:16:711 0612 Completed

09:47:16:711 0612

09:47:16:711 0612 Results:

09:47:16:711 0612 Registry objects infected / cured / cured on reboot: 2 / 0 / 2

09:47:16:711 0612 File objects infected / cured / cured on reboot: 1 / 0 / 1

09:47:16:711 0612

09:47:16:711 0612 KLMD(ARK) unloaded successfully

Torben

Link to post
Share on other sites

Hello again, that took finally care of the issue :)

Please let me know how things are running now.

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please launch MBAM and update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Link to post
Share on other sites

OTL logfile created on: 20-06-2010 17:07:13 - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bruger\Skrivebord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

767,00 Mb Total Physical Memory | 320,00 Mb Available Physical Memory | 42,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer

Drive C: | 74,52 Gb Total Space | 59,72 Gb Free Space | 80,14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MIN-7SX4R0IRLS0

Current User Name: bruger

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-15 15:59:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruger\Skrivebord\OTL.exe

PRC - [2009-03-12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Programmer\SPAMfighter\sfus.exe

PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-11 23:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2007-06-28 11:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

========== Modules (SafeList) ==========

MOD - [2010-06-15 15:59:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruger\Skrivebord\OTL.exe

MOD - [2008-04-14 18:04:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007-06-28 11:51:50 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-03-12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Programmer\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)

SRV - [2007-06-28 11:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)

SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2009-02-04 20:07:26 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)

DRV - [2008-11-19 10:55:32 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2008-04-14 18:06:30 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDPWD.sys.bak -- (RDPWD)

DRV - [2008-04-14 18:06:29 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDTCP.sys.bak -- (TDTCP)

DRV - [2008-04-14 18:06:29 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDPIPE.sys.bak -- (TDPIPE)

DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008-04-13 19:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2007-04-04 13:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2004-08-04 07:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-driver til Realtek RTL8139(A/B/C)

DRV - [2003-07-28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2002-11-18 09:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001-10-09 14:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdaudio.sys.bak -- (Cdaudio)

DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010-06-16 15:25:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\F

Link to post
Share on other sites

OTL logfile created on: 20-06-2010 17:07:13 - Run 2

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\bruger\Skrivebord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

767,00 Mb Total Physical Memory | 320,00 Mb Available Physical Memory | 42,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer

Drive C: | 74,52 Gb Total Space | 59,72 Gb Free Space | 80,14% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MIN-7SX4R0IRLS0

Current User Name: bruger

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-06-15 15:59:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruger\Skrivebord\OTL.exe

PRC - [2009-03-12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Programmer\SPAMfighter\sfus.exe

PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008-01-11 23:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

PRC - [2007-06-28 11:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

========== Modules (SafeList) ==========

MOD - [2010-06-15 15:59:50 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruger\Skrivebord\OTL.exe

MOD - [2008-04-14 18:04:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2007-06-28 11:51:50 | 000,091,400 | ---- | M] (Kaspersky Lab) -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll

========== Win32 Services (SafeList) ==========

SRV - [2009-03-12 10:44:32 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Programmer\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)

SRV - [2007-06-28 11:51:38 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -- (AVP)

SRV - [2006-03-03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2009-02-04 20:07:26 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (klif)

DRV - [2008-11-19 10:55:32 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2008-04-14 18:06:30 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RDPWD.sys.bak -- (RDPWD)

DRV - [2008-04-14 18:06:29 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDTCP.sys.bak -- (TDTCP)

DRV - [2008-04-14 18:06:29 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TDPIPE.sys.bak -- (TDPIPE)

DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008-04-13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008-04-13 19:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2007-04-04 13:58:26 | 000,024,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2004-08-04 07:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-driver til Realtek RTL8139(A/B/C)

DRV - [2003-07-28 15:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2002-11-18 09:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)

DRV - [2001-10-09 14:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Cdaudio.sys.bak -- (Cdaudio)

DRV - [2001-08-17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1078081533-926492609-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010-06-16 15:25:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\F

Link to post
Share on other sites

18:59:01:421 2692 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

18:59:01:421 2692 ================================================================================

18:59:01:421 2692 SystemInfo:

18:59:01:421 2692 OS Version: 5.1.2600 ServicePack: 3.0

18:59:01:421 2692 Product type: Workstation

18:59:01:421 2692 ComputerName: MIN-7SX4R0IRLS0

18:59:01:421 2692 UserName: bruger

18:59:01:421 2692 Windows directory: C:\WINDOWS

18:59:01:421 2692 Processor architecture: Intel x86

18:59:01:421 2692 Number of processors: 1

18:59:01:421 2692 Page size: 0x1000

18:59:01:421 2692 Boot type: Normal boot

18:59:01:421 2692 ================================================================================

18:59:01:812 2692 Initialize success

18:59:01:812 2692

18:59:01:812 2692 Scanning Services ...

18:59:02:265 2692 Raw services enum returned 293 services

18:59:02:281 2692

18:59:02:281 2692 Scanning Drivers ...

18:59:03:406 2692 ACPI (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:59:03:531 2692 ACPIEC (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:59:03:718 2692 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

18:59:04:187 2692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:59:04:390 2692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:59:04:531 2692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:59:04:671 2692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:59:04:796 2692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:59:05:171 2692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:59:05:359 2692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:59:05:484 2692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:59:05:687 2692 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys

18:59:06:109 2692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:59:06:265 2692 dmboot (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys

18:59:06:437 2692 dmio (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys

18:59:06:562 2692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:59:06:843 2692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:59:07:125 2692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:59:07:250 2692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:59:07:328 2692 Fips (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys

18:59:07:421 2692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:59:07:531 2692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:59:07:625 2692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:59:07:750 2692 Ftdisk (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:59:07:906 2692 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

18:59:08:031 2692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:59:08:203 2692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:59:08:375 2692 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

18:59:08:515 2692 i8042prt (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:59:08:640 2692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys

18:59:08:890 2692 intelppm (d1cd31b6cd4a99f3b82aec84cfdd4cba) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:59:09:062 2692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:59:09:187 2692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:59:09:359 2692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:59:09:453 2692 isapnp (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:59:09:515 2692 Kbdclass (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:59:09:656 2692 kl1 (45056287cdd70803bad130bf71fe6890) C:\WINDOWS\system32\drivers\kl1.sys

18:59:09:796 2692 klif (ab2739a1456710bd224abb9e2f519af9) C:\WINDOWS\system32\drivers\klif.sys

18:59:09:921 2692 klim5 (967e2224217431b21f1d04fbb4c68a4b) C:\WINDOWS\system32\DRIVERS\klim5.sys

18:59:10:046 2692 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

18:59:10:203 2692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:59:10:359 2692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:59:10:484 2692 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys

18:59:10:625 2692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:59:10:750 2692 Modem (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys

18:59:10:828 2692 Mouclass (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:59:10:953 2692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:59:11:125 2692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:59:11:265 2692 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:59:11:437 2692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:59:11:546 2692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:59:11:671 2692 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

18:59:11:796 2692 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

18:59:11:937 2692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:59:12:078 2692 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:59:12:171 2692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:59:12:296 2692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:59:12:375 2692 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

18:59:12:453 2692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:59:12:546 2692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:59:12:656 2692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:59:12:703 2692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:59:12:859 2692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:59:13:093 2692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:59:13:281 2692 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:59:13:437 2692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:59:13:593 2692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:59:13:718 2692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:59:13:843 2692 Parport (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\DRIVERS\parport.sys

18:59:13:984 2692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:59:14:062 2692 ParVdm (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys

18:59:14:187 2692 PCI (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys

18:59:14:328 2692 PCIIde (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:59:14:406 2692 Pcmcia (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:59:14:859 2692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:59:15:000 2692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:59:15:125 2692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:59:15:359 2692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:59:15:437 2692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:59:15:562 2692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:59:15:687 2692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:59:15:812 2692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:59:15:937 2692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:59:16:109 2692 redbook (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:59:16:234 2692 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

18:59:16:359 2692 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:59:16:437 2692 Serial (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\DRIVERS\serial.sys

18:59:16:578 2692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:59:16:671 2692 sr (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys

18:59:16:812 2692 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

18:59:16:953 2692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:59:17:187 2692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:59:17:296 2692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:59:17:515 2692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:59:17:656 2692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:59:17:812 2692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:59:17:921 2692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:59:18:015 2692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:59:18:125 2692 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:59:18:203 2692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:59:18:328 2692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:59:18:453 2692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:59:18:609 2692 VolSnap (69d9e1de5f897580f8b1d1957528b0b2) C:\WINDOWS\system32\drivers\VolSnap.sys

18:59:18:734 2692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:59:18:890 2692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:59:19:062 2692 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:59:19:140 2692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:59:19:140 2692

18:59:19:140 2692 Completed

18:59:19:156 2692

18:59:19:156 2692 Results:

18:59:19:156 2692 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

18:59:19:156 2692 File objects infected / cured / cured on reboot: 0 / 0 / 0

18:59:19:156 2692

18:59:19:156 2692 KLMD(ARK) unloaded successfully

After starting Kaspersly antivirus I got a warning:

c:\documents and setting\bruger\skrivebord\combofix.exe//PE_Patch/32788R22FWJFW\filekill.cfxxe and catchme.cfxxe

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.