
Infected computer - can't fix



About a week ago I would be browsing the internet and be redirected to all sorts of websites. Nothing bad, it's just that I couldn't do a thing. I would do a Google search, click one of the topics, and go to some random other website. I tried running various anti-virus scans and could get nothing to really clean it. It started as the Antivir virus; I tried clearing that and downloaded Avast, which I can't seem to remove now.... I just got BitDefender hoping to clean everything up, no luck. BitDefender still pops up with something called Gen:Variant.Bubnix.1 accessed by AvastSvc and apparently can't get rid of it. This is after running MBAM as well. I have to post everything on my 2nd computer because now I can't even open Internet Explorer. Here are the MBAM and DDS/GMER logs.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4430

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/14/2010 2:01:17 PM

mbam-log-2010-08-14 (14-01-17).txt

Scan type: Quick scan

Objects scanned: 134560

Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 12

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 10

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\BSK91O3T6D (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bsk91o3t6d (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Zach\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\Zach\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\Zach\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\Zach\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Zach\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\settingsxx.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.

C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msrun.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Zach at 10:17:45.04 on Sun 08/15/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2776 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Documents and Settings\Zach\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.0\PEhelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"

mRun: [RCSystem] "c:\program files\creative\shared files\module loader\DLLML.exe" RCSystem * -Startup

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [masqform.exe] c:\program files\ibm\lotus forms\viewer\3.0\masqform.exe -RunOnce"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [bitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"

mRun: [bDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"

dRun: [Llaletil] rundll32.exe "c:\windows\mfockex.dll",Startup

dRun: [fserhsrx] c:\documents and settings\networkservice\local settings\application data\kstjpntbu\igyksvktssd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-3 165456]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-4-30 44032]

R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-8-8 20480]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-7-26 58600]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-11-21 22328]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-21 1418368]

S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-28 135664]

S2 StarWindServiceAE;StarWind AE Service;c:\downloads\alcohol.120.v1.9.8.7612.retail.multilang.patch.v4.1.1.chvl\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]

S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-3 40384]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-3 25832]

S3 FLASHSYS;FLASHSYS;c:\program files\msi\live update 4\lu4\FlashSys.sys [2009-11-21 9216]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

=============== Created Last 30 ================

2010-08-15 17:11:28 274 ----a-w- c:\documents and settings\zach\defogger_reenable

2010-08-14 21:04:18 385 ----a-w- c:\windows\system32\user_gensett.xml

2010-08-14 20:52:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 20:52:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:44:56 850 ----a-w- c:\documents and settings\zach\Application DataProductTweaks.xml

2010-08-14 06:44:56 385 ----a-w- c:\documents and settings\zach\Application Datauser_gensett.xml

2010-08-14 06:44:45 52 ----a-w- c:\windows\system32\ashttpstats.csv

2010-08-14 06:41:05 376 ----a-w- c:\documents and settings\zach\Application Dataprivacy.xml

2010-08-14 06:35:59 0 d-----w- c:\program files\BitDefender

2010-08-14 06:35:59 0 d-----w- c:\docume~1\zach\applic~1\BitDefender

2010-08-14 06:35:59 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender

2010-08-14 06:35:31 0 d-----w- c:\program files\common files\BitDefender

2010-08-14 06:29:46 880 ----a-w- C:\BdUninstallTool2010.08.13-11.29.45.reg

2010-08-14 06:27:14 79244 ----a-w- C:\BdUninstallTool2010.08.13-11.27.14.reg

2010-08-12 02:58:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-08 21:37:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-08 21:37:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-08 21:21:23 0 d-----w- c:\docume~1\zach\applic~1\Malwarebytes

2010-08-08 20:54:46 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys

2010-08-03 23:47:01 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2010-08-03 23:34:32 38848 ----a-w- c:\windows\avastSS.scr

2010-08-03 23:34:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-08-03 23:22:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-03 21:04:15 2858 ----a-w- c:\windows\ewazurowov.dll

2010-08-03 20:48:51 5 ----a-w- C:\zrpt.xml

2010-08-03 20:46:50 0 ----a-w- c:\windows\Isiqog.bin

2010-08-03 20:46:49 120 ----a-w- c:\windows\Qworililunutow.dat

2010-08-03 20:46:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Update

2010-08-03 20:45:18 102400 --sha-r- c:\windows\system32\framebufw.dll

2010-08-03 20:44:50 782336 ----a-w- c:\windows\system32\drivers\vtxakhgg.sys

2010-08-03 20:44:25 0 d-----w- c:\docume~1\zach\applic~1\3EA1A769637C132C6EA7D09AACD8BD49

2010-08-02 13:31:23 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-07-26 14:01:24 58600 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2010-07-26 14:01:24 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2010-07-26 14:01:24 227944 ----a-w- c:\windows\system32\nvcohda.dll

2010-07-25 06:09:04 0 d-----w- c:\program files\Heroes of Newerth

2010-07-18 04:13:06 228632 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-18 04:13:04 228632 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-18 04:13:04 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-18 04:13:04 0 ----a-w- c:\windows\system32\nvdrswr.lk

2010-07-18 04:06:56 0 d-----w- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2010-06-14 22:03:00 6352768 ----a-w- c:\windows\system32\nv4_disp.dll

2010-06-14 22:03:00 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-06-14 22:03:00 4579328 ----a-w- c:\windows\system32\nvcuda.dll

2010-06-14 22:03:00 2910824 ----a-w- c:\windows\system32\nvcuvid.dll

2010-06-14 22:03:00 2505320 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-06-14 22:03:00 232040 ----a-w- c:\windows\system32\nvcodins.dll

2010-06-14 22:03:00 232040 ----a-w- c:\windows\system32\nvcod.dll

2010-06-14 22:03:00 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-06-14 22:03:00 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-06-14 22:03:00 13533184 ----a-w- c:\windows\system32\nvoglnt.dll

2010-06-14 22:03:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-06-07 02:57:41 68250 ----a-w- c:\windows\hpoins05.dat

2010-06-02 11:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 11:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 11:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-26 18:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 18:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 18:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 18:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-05-26 18:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2005-04-06 18:55:38 456384 ----a-w- c:\windows\inf\wg311t\WG311T13.sys

2004-10-20 02:58:28 35232 ----a-w- c:\windows\inf\wg311t\ME_INST.EXE

2004-10-20 02:58:28 26112 ----a-w- c:\windows\inf\wg311t\install.exe

2008-10-27 19:33:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081013\index.dat

2008-10-27 19:33:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat

============= FINISH: 10:19:04.10 ===============

Thanks,

Zach


Thanks for your help - this has been supremely frustrating.

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================

0xB32B1000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10600448 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 258.56 )

0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6352896 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 258.56 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2150400 bytes

0x804D7000 RAW 2150400 bytes

0x804D7000 WMIxWDM 2150400 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xAC68C000 C:\WINDOWS\system32\drivers\viahduaa.sys 1421312 bytes (VIA Technologies, Inc., VIA High Definition Audio Function Driver)

0xACAF6000 C:\WINDOWS\system32\drivers\ha20x2k.sys 1114112 bytes (Creative Technology Ltd, Creative 20X HAL (WDM))

0xB7EA2000 vtxakhgg.sys 811008 bytes

0xACA06000 C:\WINDOWS\system32\drivers\ctac32k.sys 638976 bytes (Creative Technology Ltd, Creative AC3 SW Decoder Device Driver (WDM))

0xB7D5C000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xAC453000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xB31C2000 C:\WINDOWS\system32\drivers\ctaud2k.sys 442368 bytes (Creative Technology Ltd, Creative WDM Audio Device Driver)

0xB2FEE000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xAC600000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xAB74B000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xAB372000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB316C000 C:\WINDOWS\system32\drivers\ctoss2k.sys 204800 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))

0xB304C000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xACAC9000 C:\WINDOWS\system32\drivers\emupia2k.sys 184320 bytes (Creative Technology Ltd, E-mu Plug-in Architecture Driver (WDM))

0xAB842000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB7D2F000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xAB061000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xAC4C3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB3275000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)

0xAC5B0000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xAC42C000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)

0xACAA2000 C:\WINDOWS\system32\drivers\ctsfm2k.sys 159744 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))

0xB7E5D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xAC113000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xB319E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xB3251000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xB322E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xAC58E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806E4000 ACPI_HAL 134400 bytes

0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xB7E25000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xB7E83000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xB7D15000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xB7E45000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xABD8C000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)

0xB7DFC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xB312D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xABAA7000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xB329D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xAC659000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xB7DE9000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xB7E13000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xB307C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xB30ED000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xB8198000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xB81B8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xB81C8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xB8178000 C:\WINDOWS\system32\DRIVERS\l1c51x86.sys 61440 bytes (Atheros Communications, Inc., Atheros AR813x/AR815x PCI-E Ethernet Controller ndis miniport driver)

0xB81A8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xABF3B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xB8258000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xB8168000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)

0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xB8278000 C:\WINDOWS\system32\drivers\nvhda32.sys 53248 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)

0xB81D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xB81F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xB8238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xB8188000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xB81E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xB30BD000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)

0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xB8268000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xB8228000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xB8298000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xB8208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xB8218000 C:\WINDOWS\system32\DRIVERS\ndisrd.sys 36864 bytes (NT Kernel Resources, NDISRD helper driver)

0xB309D000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xAB603000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xB8118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xB30AD000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xB8398000 C:\WINDOWS\system32\drivers\ctprxy2k.sys 32768 bytes (Creative Technology Ltd, Creative Proxy Device Driver (WDM))

0xB84A8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xB8430000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xB8380000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xB8468000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xB8480000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xB8340000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xB83E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xB83F0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xB8488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xB8498000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xB83C8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xB83D8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xB83B8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xB8370000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xB8390000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xABECB000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)

0xB859C000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB85A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xABEEB000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xB8560000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xB854C000 C:\WINDOWS\system32\DRIVERS\usbfilter.sys 16384 bytes (Advanced Micro Devices, AMD USB Filter Driver)

0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xAC424000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xAC848000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xB2FEA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xB857C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xB2FDA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB8574000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)

0xB85EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xB85E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xB85EE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xB85F2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xB85CE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xB85B6000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xB8671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)

0xB87D5000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xB8777000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xB86DC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x8AFE5158 unknown_irp_handler 3752 bytes

!!!!!!!!!!!Hidden driver: 0x8ACCFAEA ?_empty_? 1302 bytes

!!!!!!!!!!!Hidden driver: 0x8AE3DF38 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0xB7E45000 WARNING: suspicious driver modification [atapi.sys::0x8ACCFAEA]

0xB83F0000 WARNING: Virus alike driver modification [mouclass.sys], 24576 bytes

WARNING: File locked for read access [C:\WINDOWS\system32\drivers\vtxakhgg.sys]

==============================================

>Files

==============================================

!-->[Hidden] C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\D3KN7N2F\pixel;r=270870788;fpan=1;fpa=P0-817672776-1281714151296;ns=0;url=http___www.thathomesite.com_forums_load_windows_msg091959

1531546.html_5;ref=http___www.google[1].gif]

!-->[Hidden] C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\NMJVQWBC\data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,PR-UWyqR0rGpaBnEu1s6_mSnkkr42DYmCQ8QXe0UOU59v9QzktdomgTyW40ucTeEj4l369E9QoQhlLwnvlP

i0d-QIm79hkn5cY8sOT_B_uvpfPJjW_wObgs[1].gifif

!-->[Hidden] C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\VWEMK758\data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,5NjbnR36G-srCeLqF8d0n6M3Awg8Ri6CtxX1ophb3WeeQbzp3qpKYEOW8hmxjcyoRLnMXTPFMLugc1M9Z0EBMj23AY

txhXNy1E0uBlHadgrvJWAxB-wi800[1].gifif

!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb::$DATA

!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log::$DATA

!-->[Hidden] C:\WINDOWS\system32\CatRoot2\tmp.edb

==============================================

>Hooks

==============================================

Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]

ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]

[1464]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[1464]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[1464]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[1464]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[1464]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[1464]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[1464]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]

[440]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]

[440]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]

[440]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]

[440]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]

[440]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]

[440]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]

[440]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]

[440]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]

[440]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]

[440]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]

[440]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]

[780]rundll32.exe-->user32.dll-->MessageBoxW, Type: IAT modification 0x010010A8-->00000000 [unknown_code_page]

[984]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: IAT modification 0x01001094-->00000000 [unknown_code_page]

[984]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/10/2008 10:56:17 AM

System Uptime: 8/15/2010 10:12:44 AM (0 hours ago)

Motherboard: MSI | | 770-G45 (MS-7599)

Processor: AMD Phenom II X2 550 Processor | CPU1 | 3100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 128 GiB total, 11.37 GiB free.

D: is FIXED (NTFS) - 105 GiB total, 30.689 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 149 GiB total, 66.792 GiB free.

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is Removable

N: is FIXED (FAT32) - 596 GiB total, 331.994 GiB free.

P: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T

Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&2966AB86&0&38A4

Manufacturer: NETGEAR, Inc.

Name: NETGEAR 108 Mbps Wireless PCI Adapter WG311T #3

PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&2966AB86&0&38A4

Service: AR5211

==== System Restore Points ===================

RP1: 8/3/2010 2:01:06 PM - System Checkpoint

RP2: 8/3/2010 2:43:56 PM - Software Distribution Service 3.0

RP3: 8/3/2010 4:34:27 PM - avast! Free Antivirus Setup

RP4: 8/3/2010 4:41:27 PM - avast! Free Antivirus Setup

RP5: 8/4/2010 9:33:15 PM - System Checkpoint

RP6: 8/5/2010 9:45:03 PM - System Checkpoint

RP7: 8/6/2010 10:07:55 PM - System Checkpoint

RP8: 8/7/2010 11:55:13 PM - System Checkpoint

RP9: 8/9/2010 3:17:53 AM - System Checkpoint

RP10: 8/10/2010 3:43:11 AM - System Checkpoint

RP11: 8/11/2010 4:35:47 AM - System Checkpoint

RP12: 8/12/2010 4:45:27 AM - System Checkpoint

RP13: 8/13/2010 4:57:39 AM - System Checkpoint

RP14: 8/13/2010 11:35:56 PM - Installed BitDefender Antivirus 2010

RP15: 8/15/2010 1:38:41 AM - System Checkpoint

==== Installed Programs ======================

AAC Decoder

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.3

Adobe Shockwave Player 11.5

AiO_Scan

AMD Processor Driver

AMD USB Filter Driver

ATI - Software Uninstall Utility

ATI AVIVO Codecs

ATI Parental Control & Encoder

AutoUpdate

avast! Free Antivirus

BitComet 1.12

BitDefender Antivirus 2010

BufferChm

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help English

CCScore

Citrix Presentation Server Client - Web Only

Compatibility Pack for the 2007 Office system

Copy

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

Creative Media Toolbox

Creative MediaSource

Creative System Information

CreativeProjects

CreativeProjectsTemplates

Critical Update for Windows Media Player 11 (KB959772)

CueTour

Destinations

Director

DivX Codec

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DocProc

DocumentViewer

Download Manager 2.3.10

Dragon Age: Origins

Dragon Age: Origins Character Creator

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

ExtractNow

getPlus® for Adobe

Google Toolbar for Internet Explorer

Google Update Helper

H.264 Decoder

Heroes of Newerth

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 4.7

HP Image Zone 4.7

HP PSC & OfficeJet 4.7

HP Software Update

HPSystemDiagnostics

IBM Lotus Forms Viewer 3.0

InstantShare

Java Auto Updater

Java 6 Update 18

K-Lite Codec Pack 4.1.7 (Full)

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

KODAK EASYSHARE Gallery Upload ActiveX Control

Kodak EasyShare software

KODAK Gallery Upload Software

KSU

Liveupdate4

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft Office XP Media Content

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MKV Splitter

Move Media Player

MSI Afterburner 1.6.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nancy Drew: Secret of Shadow Ranch

netbrdg

NETGEAR Wireless Adapter WG311T

Notifier

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA nView Desktop Manager

NVIDIA PhysX

OfotoXMI

OGA Notifier 2.0.0048.0

Pando Media Booster

PanoStandAlone

PCDADDIN

PCDHELP

PhotoGallery

Platform

PSP ISO Compressor

QFolder

QuickTime

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

SFR

SHASTA

SKIN0001

SkinsHP1

SKINXSDK

Sound Blaster X-Fi

StarCraft II

staticcr

System Requirements Lab

tooltips

TrayApp

Uniblue DriverScanner 2009

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB973874)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.762

VIA Platform Device Manager

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.0.1

VPRINTOL

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

WIRELESS

XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

8/8/2010 10:51:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/13/2010 8:12:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

8/12/2010 1:54:42 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/12/2010 1:54:42 PM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.

8/12/2010 1:53:59 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

8/12/2010 1:53:59 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

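
The ">Hooks" section of the GMER log above is the part that shows what was done to the running processes. As an added example, not part of the original post and not GMER's own code, the script below parses hook lines in the format GMER prints and applies two triage heuristics of its own: a hook whose destination GMER could attribute to no loaded module (printed as [unknown_code_page]) is flagged as suspicious, because that is what injected code looks like, and the GetProcAddress IAT entries owned by shimeng.dll (the Windows application-compatibility shim engine) are treated as expected. The KNOWN_BENIGN allow-list and the verdict names are this example's, not GMER's; the sample lines are copied from the log.

```python
"""Triage of the ">Hooks" section of a GMER log.

Added example, not part of the original post and not GMER's own code. It
parses hook lines in the format GMER prints, keeps the parsed fields, and
applies two heuristics of this example's own:
  * a hook whose destination GMER could attribute to no loaded module is
    reported as [unknown_code_page]; that is what injected code looks like,
    so it is flagged suspicious;
  * IAT hooks of GetProcAddress owned by shimeng.dll (the Windows
    application-compatibility shim engine) are expected and marked benign.
KNOWN_BENIGN is this example's allow-list; extend it for your own baseline.
"""
import re
from collections import defaultdict

# [pid]process-->module-->Symbol, Type: <kind> 0xSRC-->DST [owner]
HOOK_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\](?P<proc>\S+?)-->)?"                  # absent for kernel hooks
    r"(?P<target>.+?), Type: (?P<kind>.+?)"                     # hooked chain and hook type
    r"(?: (?P<src>0x[0-9A-Fa-f]+)-->(?P<dst>[0-9A-Fa-f]+))?"    # patch site and destination
    r" \[(?P<owner>[^\]]+)\]$"                                  # module GMER resolved the destination to
)

KNOWN_BENIGN = {"shimeng.dll"}   # example allow-list, not GMER's


def parse_hook(line):
    """Return a dict of fields for one GMER hook line, or None for non-hook lines."""
    m = HOOK_RE.match(line.strip())
    if m is None:
        return None
    h = m.groupdict()
    h["pid"] = int(h["pid"]) if h["pid"] else None
    h["api"] = h["target"].split("-->")[-1]   # innermost element: the hooked symbol or offset
    return h


def classify(h):
    """Verdict from the owning module only; the DST field is not trusted here."""
    if h["owner"] == "unknown_code_page":
        return "suspicious"
    if h["owner"] in KNOWN_BENIGN:
        return "benign"
    return "review"


def triage(lines):
    """Parse every hook line; group the suspicious ones by hooked process.

    Returns (hooks, by_process): hooks is the list of parsed dicts with a
    'verdict' key; by_process maps 'pid:name' (or 'kernel') to the sorted
    list of symbols hooked by unattributed code.
    """
    hooks, by_process = [], defaultdict(set)
    for line in lines:
        h = parse_hook(line)
        if h is None:
            continue
        h["verdict"] = classify(h)
        hooks.append(h)
        if h["verdict"] == "suspicious":
            key = "kernel" if h["pid"] is None else f'{h["pid"]}:{h["proc"]}'
            by_process[key].add(h["api"])
    return hooks, {k: sorted(v) for k, v in by_process.items()}


# Sample input: lines copied from the GMER ">Hooks" section posted above.
SAMPLE_HOOKS = """\
==============================================
>Hooks
==============================================
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[1464]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1464]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[440]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[440]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[984]services.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x01001114-->00000000 [unknown_code_page]
""".splitlines()

if __name__ == "__main__":
    hooks, by_process = triage(SAMPLE_HOOKS)
    for h in hooks:
        print(f'{h["verdict"]:<10} {h["kind"]:<22} {h["target"]} [{h["owner"]}]')
    print("\nSymbols hooked by unattributed code, per process:")
    for proc, apis in sorted(by_process.items()):
        print(f"  {proc}: {', '.join(apis)}")
```

Run against the whole ">Hooks" section saved to a file, the per-process summary is what a helper reads first: NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher plus three offsets inside mswsock.dll (the Winsock provider) hooked from unbacked memory in both svchost.exe and explorer.exe, and CreateProcessW/CreateProcessAsUserW in services.exe. That is the footprint of code injected into several processes, not of one bad file that a signature scanner can simply delete, which is why the thread moves on to boot-sector and driver checks.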

Trullyn:

This will take several steps to clean. Here are your first instructions.

Please download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A small window should open on your desktop.
  • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

Download ComboFix from one of the following locations:

Link 1

Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link.

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please include the following in your next post:

  • MBRCheck log
  • ComboFix log

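
MBRCheck, the first tool Trullyn asks for, reads the first sector of each physical drive, compares its boot code against known Windows MBR code and maps each volume letter to a byte offset on the disk, as its log later in the thread shows. As an added example (not MBRCheck's code and not from the thread), the Python below does the same checks on a constructed 512-byte sector laid out like this machine's PhysicalDrive1, with C: at LBA 63 (byte offset 0x7E00) and D: at byte offset 0x1FFF588800. The filler boot code, the disk signature, the partition sizes and the KNOWN_GOOD_CODE_HASHES allow-list are this example's own values.

```python
"""Offline MBR check in the spirit of the MBRCheck step above.

Added example; it is not MBRCheck's code and the 512-byte sector it
inspects is constructed here, laid out like the thread's PhysicalDrive1
(C: at LBA 63 = byte offset 0x7E00, D: at byte offset 0x1FFF588800).
The check validates the 0x55AA signature, parses the four partition
entries, converts each start LBA to the byte offset MBRCheck prints, and
compares the SHA-1 of the 440-byte boot-code area with a caller-supplied
allow-list (here seeded with the hash of the constructed filler code).
An unknown hash is not proof of a bootkit, but on a Windows machine with a
stock MBR it is the first thing to explain.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"        # bytes 510..511
ENTRY_FMT = "<B3xB3xII"        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_partitions(mbr):
    """Return the non-empty partition entries with their byte offsets."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue                                   # unused slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                             # 0x07 = NTFS/exFAT, 0x0C = FAT32 LBA, ...
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,         # what MBRCheck prints as 'at offset'
        })
    return parts


def check_mbr(mbr, known_code_hashes):
    """Signature, disk signature, partition map and boot-code hash of one sector."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "disk_signature": struct.unpack("<I", mbr[440:444])[0],
        "code_sha1": code_sha1,
        "code_known": code_sha1 in known_code_hashes,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sector: filler boot code, NTFS C: at LBA 63 and D: behind it."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = code
    struct.pack_into("<I", mbr, 440, 0xDEADBEEF)                                    # disk signature (made up)
    struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 268413957)     # C: bootable, ends where D: starts
    struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16, 0x00, 0x07, 268414020, 220200960)  # D: (size made up)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


# Allow-list of this example: only the constructed filler code is "known".
KNOWN_GOOD_CODE_HASHES = {hashlib.sha1(b"\x90" * BOOT_CODE_LEN).hexdigest().upper()}

if __name__ == "__main__":
    # Real use: the first 512 bytes of a forensic image, or
    # open(r"\\.\PhysicalDrive1", "rb").read(512) as Administrator; read-only, never write back.
    for label, sector in (("clean", build_sample_mbr()),
                          ("patched byte 0", b"\xEB" + build_sample_mbr()[1:])):
        r = check_mbr(sector, KNOWN_GOOD_CODE_HASHES)
        print(f"{label}: signature_ok={r['signature_ok']} code_known={r['code_known']} "
              f"sha1={r['code_sha1']}")
        for p in r["partitions"]:
            print(f"  entry {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}"
                  f" ({p['sectors'] * SECTOR / 2**30:.0f} GiB){' bootable' if p['bootable'] else ''}")
```

One caveat a practitioner should keep in mind: a rootkit that sits in the disk stack can hand a clean sector back to user-mode readers while the real one on the platter is patched, and the GMER log above flagged atapi.sys, which is exactly that path. That is why the hash of the code area is compared against a list you trust rather than against anything the infected system asserts, and why reading the drive from clean boot media is the more reliable check.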

After running ComboFix, it told me that rootkit activity was detected and it needed to restart. I restarted the computer and ComboFix started back up again, and restarted again. Here are the logs:

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000afbc

Kernel Drivers (total 127):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E4000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7F79000 ACPI.sys

0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB7F68000 pci.sys

0xB80A8000 ohci1394.sys

0xB80B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xB80C8000 isapnp.sys

0xB7EA2000 vtxakhgg.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB80D8000 MountMgr.sys

0xB7E83000 ftdisk.sys

0xB85AC000 dmload.sys

0xB7E5D000 dmio.sys

0xB8330000 PartMgr.sys

0xB8671000 amdide.sys

0xB80E8000 VolSnap.sys

0xB7E45000 atapi.sys

0xB80F8000 disk.sys

0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB7E25000 fltmgr.sys

0xB7E13000 sr.sys

0xB8118000 PxHelp20.sys

0xB7DFC000 KSecDD.sys

0xB7DE9000 WudfPf.sys

0xB7D5C000 Ntfs.sys

0xB7D2F000 NDIS.sys

0xB7D15000 Mup.sys

0xB8168000 \SystemRoot\system32\DRIVERS\AmdPPM.sys

0xB32B1000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB329D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB3275000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB8178000 \SystemRoot\system32\DRIVERS\l1c51x86.sys

0xB8370000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xB3251000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xB854C000 \SystemRoot\system32\DRIVERS\usbfilter.sys

0xB85B6000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB8380000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB8188000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB8198000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB81A8000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB322E000 \SystemRoot\system32\DRIVERS\ks.sys

0xB81B8000 \SystemRoot\system32\DRIVERS\serial.sys

0xB8560000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB31C2000 \SystemRoot\system32\drivers\ctaud2k.sys

0xB319E000 \SystemRoot\system32\drivers\portcls.sys

0xB81C8000 \SystemRoot\system32\drivers\drmk.sys

0xB316C000 \SystemRoot\system32\drivers\ctoss2k.sys

0xB8398000 \SystemRoot\system32\drivers\ctprxy2k.sys

0xB8574000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xB87D5000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB81D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB857C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB312D000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB81E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB81F8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB83B8000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB307C000 \SystemRoot\system32\DRIVERS\psched.sys

0xB8208000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB83C8000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xB83D8000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB8218000 \SystemRoot\system32\DRIVERS\ndisrd.sys

0xB304C000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xB8228000 \SystemRoot\system32\DRIVERS\termdd.sys

0xB83E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB83F0000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB85CE000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB2FEE000 \SystemRoot\system32\DRIVERS\update.sys

0xB85A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB8258000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB8268000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB8278000 \SystemRoot\system32\drivers\nvhda32.sys

0xACAF6000 \SystemRoot\system32\drivers\ha20x2k.sys

0xACAC9000 \SystemRoot\system32\drivers\emupia2k.sys

0xACAA2000 \SystemRoot\system32\drivers\ctsfm2k.sys

0xACA06000 \SystemRoot\system32\drivers\ctac32k.sys

0xAC68C000 \SystemRoot\system32\drivers\viahduaa.sys

0xB85E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB86DC000 \SystemRoot\System32\Drivers\Null.SYS

0xB85EA000 \SystemRoot\System32\Drivers\Beep.SYS

0xB8468000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB8488000 \SystemRoot\System32\drivers\vga.sys

0xB85EE000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB85F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB8498000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB84A8000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB2FDA000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xAC659000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xAC600000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB30BD000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xB30AD000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xAC5B0000 \SystemRoot\system32\DRIVERS\netbt.sys

0xAC58E000 \SystemRoot\System32\drivers\afd.sys

0xB309D000 \SystemRoot\system32\DRIVERS\netbios.sys

0xAC4C3000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xAC453000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB8238000 \SystemRoot\System32\Drivers\Fips.SYS

0xB8430000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xAC42C000 \SystemRoot\System32\Drivers\aswSP.SYS

0xB8340000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xAC848000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB8298000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB859C000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xB2FEA000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB30ED000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB8480000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xAC424000 \SystemRoot\System32\drivers\Dxapi.sys

0xB8390000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xB8777000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xAC113000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xABECB000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xABEEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xABD8C000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xABAA7000 \SystemRoot\system32\drivers\wdmaud.sys

0xABF3B000 \SystemRoot\system32\drivers\sysaudio.sys

0xAB842000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xAB74B000 \SystemRoot\system32\DRIVERS\srv.sys

0xAB372000 \SystemRoot\System32\Drivers\HTTP.sys

0xAA46B000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):

0 System Idle Process

4 System

856 C:\WINDOWS\system32\smss.exe

912 csrss.exe

936 C:\WINDOWS\system32\winlogon.exe

984 C:\WINDOWS\system32\services.exe

996 C:\WINDOWS\system32\lsass.exe

1168 C:\WINDOWS\system32\nvsvc32.exe

1240 C:\WINDOWS\system32\svchost.exe

1324 svchost.exe

1464 C:\WINDOWS\system32\svchost.exe

1564 C:\WINDOWS\system32\svchost.exe

1680 svchost.exe

1900 svchost.exe

2004 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

440 C:\WINDOWS\explorer.exe

772 C:\WINDOWS\system32\spoolsv.exe

780 C:\WINDOWS\system32\rundll32.exe

352 svchost.exe

412 C:\WINDOWS\system32\acs.exe

720 C:\WINDOWS\system32\CTSVCCDA.EXE

1420 C:\Program Files\Java\jre6\bin\jqs.exe

1700 C:\WINDOWS\system32\HPZipm12.exe

2104 C:\WINDOWS\system32\svchost.exe

2748 C:\WINDOWS\system32\ctfmon.exe

3016 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

3024 C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

3128 C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

3364 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

3376 C:\WINDOWS\CTHELPER.EXE

3384 C:\WINDOWS\system32\CTXFIHLP.EXE

3408 C:\Program Files\QuickTime\qttask.exe

3416 C:\Program Files\Common Files\Java\Java Update\jusched.exe

3424 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

3456 C:\WINDOWS\system32\rundll32.exe

3480 C:\Program Files\Messenger\msmsgs.exe

3488 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

3520 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

3688 C:\WINDOWS\system32\CTXFISPI.EXE

360 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

2848 C:\Documents and Settings\Zach\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive1 at offset 0x0000001f`ff588800 (NTFS)

\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\N: --> \\.\PhysicalDrive7 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive1 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03

PhysicalDrive0 Model Number: WDCWD1600KS-00MJB0, Rev: 02.01C03

PhysicalDrive7 Model Number: WD6400AAK External, Rev: 1.05

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

149 GB \\.\PhysicalDrive0 Legit MBR code detected

SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495

596 GB \\.\PhysicalDrive7 RE: Windows 98 MBR code detected

SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

Done!

ComboFix 10-08-16.04 - Zach 08/17/2010 6:57.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2980 [GMT -7:00]

Running from: c:\documents and settings\Zach\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}

c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\chrome.manifest

c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\chrome\content\_cfg.js

c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\chrome\content\overlay.xul

c:\documents and settings\Zach\Local Settings\Application Data\{8F51F13C-F973-4A91-8278-343263DD702A}\install.rdf

c:\windows\ewazurowov.dll

c:\windows\system32\drivers\ndisrd.sys

N:\Autorun.inf

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_6TO4

-------\Service_ndisrd

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))

.

2010-08-14 20:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 20:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2010-08-14 06:35 . 2010-08-14 06:35 -------- d-----w- c:\program files\BitDefender

2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\program files\Common Files\BitDefender

2010-08-14 06:29 . 2010-08-14 06:30 880 ----a-w- C:\BdUninstallTool2010.08.13-11.29.45.reg

2010-08-14 06:27 . 2010-08-14 06:28 79244 ----a-w- C:\BdUninstallTool2010.08.13-11.27.14.reg

2010-08-12 02:58 . 2010-08-12 02:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-08 21:37 . 2010-08-14 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-08 21:37 . 2010-08-08 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-08 21:21 . 2010-08-08 21:21 -------- d-----w- c:\documents and settings\Zach\Application Data\Malwarebytes

2010-08-08 20:55 . 2010-08-09 05:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kstjpntbu

2010-08-05 01:56 . 2010-08-05 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-08-04 10:28 . 2010-08-04 10:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-08-03 23:47 . 2010-08-03 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-08-03 23:40 . 2010-08-14 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-08-03 23:34 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-03 23:34 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-03 23:34 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-03 23:34 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-03 23:34 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-03 23:34 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-03 23:34 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-03 23:34 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-03 23:34 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\program files\Alwil Software

2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-03 23:22 . 2010-08-08 05:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-03 20:47 . 2010-08-03 20:47 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-08-03 20:46 . 2010-08-12 03:39 -------- d-----w- c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp

2010-08-03 20:46 . 2010-08-03 20:46 0 ----a-w- c:\windows\Isiqog.bin

2010-08-03 20:46 . 2010-08-03 20:46 120 ----a-w- c:\windows\Qworililunutow.dat

2010-08-03 20:46 . 2010-08-04 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Update

2010-08-03 20:45 . 2010-08-03 20:45 102400 --sha-r- c:\windows\system32\framebufw.dll

2010-08-03 20:44 . 2010-08-17 17:29 782336 ----a-w- c:\windows\system32\drivers\vtxakhgg.sys

2010-08-03 20:44 . 2010-08-03 20:44 -------- d-----w- c:\documents and settings\Zach\Application Data\3EA1A769637C132C6EA7D09AACD8BD49

2010-08-02 13:31 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-07-26 14:01 . 2010-05-21 03:08 227944 ----a-w- c:\windows\system32\nvcohda.dll

2010-07-26 14:01 . 2010-03-10 01:48 58600 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2010-07-26 14:01 . 2010-03-10 01:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2010-07-25 06:09 . 2010-07-25 06:15 -------- d-----w- c:\program files\Heroes of Newerth

2010-07-21 23:14 . 2010-07-21 23:14 -------- d-----w- c:\program files\Common Files\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-09 08:59 . 2010-08-09 08:59 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcr71.dll

2010-08-09 08:59 . 2010-08-09 08:59 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcp71.dll

2010-08-09 08:59 . 2010-08-09 08:59 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\jmc.dll

2010-08-09 08:59 . 2010-08-09 08:59 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-sse.dll

2010-08-09 08:59 . 2010-08-09 08:59 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-d3d.dll

2010-08-06 01:57 . 2010-03-26 19:49 -------- d-----w- c:\documents and settings\Zach\Application Data\vlc

2010-08-05 23:12 . 2010-08-05 23:12 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-08-03 23:25 . 2010-06-04 18:38 884 ----a-w- c:\windows\system32\d3d8caps.dat

2010-07-27 08:27 . 2010-04-22 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-07-27 08:27 . 2010-04-22 00:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-07-26 14:00 . 2009-10-12 04:38 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-26 14:00 . 2010-07-18 04:13 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-26 13:55 . 2008-12-20 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-21 23:10 . 2008-12-20 03:42 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-07-21 23:10 . 2010-07-21 23:09 12124624 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\AdobeAIRInstaller.exe

2010-07-21 23:09 . 2010-07-21 23:09 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-07-21 00:14 . 2009-12-28 23:37 -------- d-----w- c:\program files\Nancy Drew

2010-07-21 00:09 . 2008-10-11 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\program files\SystemRequirementsLab

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

2010-07-17 19:38 . 2010-07-17 19:38 -------- d-----w- c:\documents and settings\Zach\Application Data\dvdcss

2010-07-02 22:47 . 2010-07-02 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-07-02 22:46 . 2010-07-02 22:46 -------- d-----w- c:\program files\Pando Networks

2010-06-28 22:20 . 2010-06-22 20:52 -------- d-----w- c:\program files\Google

2010-06-14 22:03 . 2009-11-22 03:15 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-06-14 22:03 . 2009-11-22 03:15 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-06-14 22:03 . 2009-09-27 23:12 4579328 ----a-w- c:\windows\system32\nvcuda.dll

2010-06-14 22:03 . 2009-09-27 23:12 2910824 ----a-w- c:\windows\system32\nvcuvid.dll

2010-06-14 22:03 . 2009-09-27 23:12 2505320 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcodins.dll

2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcod.dll

2010-06-14 22:03 . 2009-09-27 23:12 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-06-14 22:03 . 2009-09-27 23:12 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-06-14 22:03 . 2009-09-27 23:12 13533184 ----a-w- c:\windows\system32\nvoglnt.dll

2010-06-14 22:03 . 2008-09-17 16:55 6352768 ----a-w- c:\windows\system32\nv4_disp.dll

2010-06-14 22:03 . 2008-09-17 16:55 10596576 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-06-14 14:31 . 2008-10-10 17:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-07 02:57 . 2010-05-06 02:22 68250 ----a-w- c:\windows\hpoins05.dat

2010-06-02 11:55 . 2010-07-21 02:25 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 11:55 . 2010-07-21 02:25 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 11:55 . 2010-07-21 02:25 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-27 21:09 . 2010-05-27 21:09 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcp71.dll

2010-05-27 21:09 . 2010-05-27 21:09 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\jmc.dll

2010-05-27 21:09 . 2010-05-27 21:09 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcr71.dll

2010-05-27 21:09 . 2010-05-27 21:09 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-sse.dll

2010-05-27 21:09 . 2010-05-27 21:09 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-d3d.dll

2010-05-26 18:41 . 2010-07-21 02:25 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"masqform.exe"="c:\program files\IBM\Lotus Forms\Viewer\3.0\masqform.exe" [2008-01-17 991232]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-10-09 33677312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-14 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-14 13917800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk

backup=c:\windows\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-28 01:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\BitComet\\BitComet.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\BioWare\\DragonAge\\bin_ship\\DAOCharacterCreator.exe"=

"d:\\Program Files\\BioWare\\DragonAge\\DAOriginsLauncher.exe"=

"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=

"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=

"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23687:TCP"= 23687:TCP:BitComet 23687 TCP

"23687:UDP"= 23687:UDP:BitComet 23687 UDP

"46123:TCP"= 46123:TCP:BitComet 46123 TCP

"46123:UDP"= 46123:UDP:BitComet 46123 UDP

"57093:TCP"= 57093:TCP:Pando Media Booster

"57093:UDP"= 57093:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/3/2010 4:34 PM 165456]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/30/2010 3:42 PM 44032]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/26/2010 7:01 AM 58600]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/21/2009 7:54 PM 22328]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/21/2009 8:04 PM 1418368]

S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2010 3:20 PM 135664]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/3/2009 1:35 PM 25832]

S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/21/2009 8:05 PM 9216]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2010 8:56 AM 721904]

--- Other Services/Drivers In Memory ---

*Deregistered* - vtxakhgg

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = http=127.0.0.1:6522

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe

HKU-Default-Run-Llaletil - c:\windows\mfockex.dll

Notify-AtiExtEvent - (no file)

MSConfigStartUp-10DPP6O2VE - c:\docume~1\Zach\LOCALS~1\Temp\Npm.exe

MSConfigStartUp-ATICustomerCare - c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

MSConfigStartUp-BSK91O3T6D - c:\docume~1\Zach\LOCALS~1\Temp\Npk.exe

MSConfigStartUp-evebelkt - c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp\fwfkjjhtssd.exe

MSConfigStartUp-ewrgetuj - c:\docume~1\Zach\LOCALS~1\Temp\geurge.exe

MSConfigStartUp-Llaletil - c:\windows\mfockex.dll

MSConfigStartUp-Qdabufeworitul - c:\windows\ojuqadiru.dll

MSConfigStartUp-settingsxx - c:\settingsxx.exe\settingsxx.exe

MSConfigStartUp-sta - mieup.dll

AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe

AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-17 10:28

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtxakhgg]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-573735546-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:16,03,6c,fa,b6,33,38,d5,1a,14,5e,70,24,62,07,8c,2d,b0,f9,d8,2c,c6,1d,

72,d9,1c,30,28,69,2a,32,b6,b9,ea,76,f6,5c,10,3e,8a,af,77,3b,44,30,6c,9b,ca,\

"??"=hex:e5,bd,29,ba,7d,03,71,d3,9d,9b,ff,6f,37,c5,dc,02

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2420)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\acs.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

.

**************************************************************************

.

Completion time: 2010-08-17 10:34:19 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-17 17:34

Pre-Run: 12,755,623,936 bytes free

Post-Run: 12,971,769,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - CE27DEC699242337F1CDF63062DA895E

Help me Obi-Wan Kenobi, you're my only hope.

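The log above already contains the indicators that explain the redirects: a ProxyServer value pointing at 127.0.0.1:6522 (a local proxy that every HTTP request from the browser is steered through, which is why searches land on other sites), the XP firewall switched off, randomly named autostarts under Temp and Local Settings\Application Data, Run entries that load a bare DLL from c:\windows, and a driver (vtxakhgg) still in memory although ComboFix lists it as deregistered. As an added example for this page (editor's code, not part of the original post and not a ComboFix or Malwarebytes feature), the Python script below pulls those indicators out of a ComboFix log so the same triage can be repeated on another machine's log. The sample text is a constructed excerpt of lines from the log above; the heuristics (which directories and DLL locations count as suspicious) are the editor's assumptions, and vendor DLLs under system32 are deliberately not flagged.

```python
"""Pull browser-hijack indicators out of a ComboFix log.

Added example for this thread (editor's code, not ComboFix's or the poster's).
SAMPLE_LOG is a constructed excerpt of the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
# Assumed heuristic: legitimate autostarts almost never live here on Windows XP.
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\application data\\")

# Orphaned autostarts: "MSConfigStartUp-<name> - <target>" and friends.
ORPHAN_RE = re.compile(r"^(?:MSConfigStartUp|HK(?:LM|CU)-Run|HKU-Default-Run)-(\S+) - (.+)$")
RUNKEY_RE = re.compile(r'^"([^"]+)"="([^"]+)"')          # "name"="target" [date size]
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)")


@dataclass
class Findings:
    proxy: Optional[str] = None          # raw ProxyServer value, if any
    loopback_proxy: bool = False         # proxy points back at this machine
    firewall_disabled: bool = False
    suspicious_autostarts: List[Tuple[str, str]] = field(default_factory=list)
    deregistered_drivers: List[str] = field(default_factory=list)


def proxy_hosts(value: str) -> List[str]:
    """'http=127.0.0.1:6522;https=proxy.corp:8080' -> ['127.0.0.1', 'proxy.corp']."""
    hosts = []
    for part in value.split(";"):
        target = part.split("=", 1)[-1].strip()   # drop the 'http=' scheme prefix
        if target:
            hosts.append(target.rsplit(":", 1)[0].lower())
    return hosts


def autostart_is_suspicious(target: str) -> bool:
    t = target.strip().lower()
    if any(d in t for d in SUSPICIOUS_DIRS):
        return True
    if t.endswith(".dll"):
        # A Run entry that is a bare DLL name, or a DLL dropped straight into
        # %windir%, matches the hijacker in this thread; vendor DLLs under
        # system32 (e.g. NvMcTray.dll) are left alone.
        directory = t.rsplit("\\", 1)[0] if "\\" in t else ""
        return directory in ("", "c:\\windows")
    return False


def triage(log: str) -> Findings:
    f = Findings()
    for raw in log.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            f.proxy = m.group(1).strip()
            f.loopback_proxy = any(h in LOOPBACK_HOSTS for h in proxy_hosts(f.proxy))
            continue
        if FIREWALL_OFF_RE.match(line):
            f.firewall_disabled = True
            continue
        m = DEREG_RE.match(line)
        if m:
            f.deregistered_drivers.append(m.group(1))
            continue
        m = ORPHAN_RE.match(line) or RUNKEY_RE.match(line)
        if m and autostart_is_suspicious(m.group(2)):
            f.suspicious_autostarts.append((m.group(1), m.group(2).strip()))
    return f


# Constructed excerpt of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-14 110696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
--- Other Services/Drivers In Memory ---
*Deregistered* - vtxakhgg
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
- - - - ORPHANS REMOVED - - - -
HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
HKU-Default-Run-Llaletil - c:\windows\mfockex.dll
MSConfigStartUp-10DPP6O2VE - c:\docume~1\Zach\LOCALS~1\Temp\Npm.exe
MSConfigStartUp-evebelkt - c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp\fwfkjjhtssd.exe
MSConfigStartUp-sta - mieup.dll
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("proxy:", r.proxy, "<- loopback, browser traffic is being steered" if r.loopback_proxy else "")
    print("firewall disabled:", r.firewall_disabled)
    print("deregistered drivers:", r.deregistered_drivers)
    for name, target in r.suspicious_autostarts:
        print("suspicious autostart:", name, "->", target)
```

Run it as-is to see the report for the embedded sample, or read a real ComboFix.txt into triage() for another machine. The loopback-proxy finding is the one the replies below deal with by hand (unchecking the proxy boxes in Internet Options, and the DDS:: lines of the CFScript); the firewall finding is worth fixing separately, since nothing in the cleanup script turns it back on.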

Trullyn:

That happens sometimes. Try this:

If your network icon appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair.


If you have no task bar icon do this:

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.


Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.

If that doesn't work - try the following:

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab.
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.

In I.E.

  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes

In Firefox

  • Click on Advanced -> Network -> Settings


Follow these steps to use the reset command to reset TCP/IP manually:

  • To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
    cmd
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:
    netsh int ip reset c:\resetlog.txt
  • Reboot the computer.

If that doesn't work, do this:

Follow these steps to use the reset command to reset Winsock manually:

  • To open a command prompt, click Start and then click Run. Copy and paste (or type) the following command in the Open box and then press ENTER:
    cmd
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:
    netsh winsock reset
  • Reboot the computer.


Excellent! Let's get back to work:

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above http://

http://forums.malwarebytes.org/index.php?showtopic=60520
Collect::
c:\windows\Qworililunutow.dat
c:\windows\system32\framebufw.dll
c:\windows\system32\drivers\vtxakhgg.sys
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
Driver::
vtxakhgg
File::
c:\windows\Isiqog.bin
Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\kstjpntbu
c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp
c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\Zach\Application Data\3EA1A769637C132C6EA7D09AACD8BD49

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:

  • ComboFix log


ComboFix 10-08-16.04 - Zach 08/17/2010 20:39:44.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2865 [GMT -7:00]

Running from: c:\documents and settings\Zach\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Zach\Desktop\CFScript.txt

FILE ::

"c:\windows\Isiqog.bin"

file zipped: c:\windows\Qworililunutow.dat

file zipped: c:\windows\system32\drivers\vtxakhgg.sys

file zipped: c:\windows\system32\framebufw.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Update

c:\documents and settings\NetworkService\Local Settings\Application Data\kstjpntbu

c:\documents and settings\Zach\Application Data\3EA1A769637C132C6EA7D09AACD8BD49

c:\documents and settings\Zach\Local Settings\Application Data\lfwngnurp

c:\windows\Isiqog.bin

c:\windows\Qworililunutow.dat

c:\windows\system32\drivers\vtxakhgg.sys

c:\windows\system32\framebufw.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_VTXAKHGG

-------\Service_Ndisrd

-------\Service_vtxakhgg

((((((((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 )))))))))))))))))))))))))))))))

.

2010-08-14 20:52 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-14 20:52 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2010-08-14 06:35 . 2010-08-14 06:35 -------- d-----w- c:\program files\BitDefender

2010-08-14 06:35 . 2010-08-17 02:54 -------- d-----w- c:\program files\Common Files\BitDefender

2010-08-14 06:29 . 2010-08-14 06:30 880 ----a-w- C:\BdUninstallTool2010.08.13-11.29.45.reg

2010-08-14 06:27 . 2010-08-14 06:28 79244 ----a-w- C:\BdUninstallTool2010.08.13-11.27.14.reg

2010-08-12 02:58 . 2010-08-12 02:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-09 08:59 . 2010-08-09 08:59 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcr71.dll

2010-08-09 08:59 . 2010-08-09 08:59 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\msvcp71.dll

2010-08-09 08:59 . 2010-08-09 08:59 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-446489cf-n\jmc.dll

2010-08-09 08:59 . 2010-08-09 08:59 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-sse.dll

2010-08-09 08:59 . 2010-08-09 08:59 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a9d2249-n\decora-d3d.dll

2010-08-08 21:37 . 2010-08-14 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-08 21:37 . 2010-08-08 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-08 21:21 . 2010-08-08 21:21 -------- d-----w- c:\documents and settings\Zach\Application Data\Malwarebytes

2010-08-05 23:12 . 2010-08-05 23:12 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll

2010-08-05 01:56 . 2010-08-05 02:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-08-04 10:28 . 2010-08-04 10:28 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-08-03 23:47 . 2010-08-03 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation

2010-08-03 23:40 . 2010-08-14 05:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-08-03 23:34 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-03 23:34 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-03 23:34 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-03 23:34 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-03 23:34 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-03 23:34 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-03 23:34 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-03 23:34 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-03 23:34 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\program files\Alwil Software

2010-08-03 23:34 . 2010-08-03 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-08-03 23:22 . 2010-08-08 05:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-03 20:47 . 2010-08-03 20:47 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-08-02 13:31 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2010-07-26 14:01 . 2010-05-21 03:08 227944 ----a-w- c:\windows\system32\nvcohda.dll

2010-07-26 14:01 . 2010-03-10 01:48 58600 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2010-07-26 14:01 . 2010-03-10 01:47 26216 ----a-w- c:\windows\system32\nvhdap32.dll

2010-07-25 06:09 . 2010-07-25 06:15 -------- d-----w- c:\program files\Heroes of Newerth

2010-07-21 23:14 . 2010-07-21 23:14 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-21 23:09 . 2010-07-21 23:10 12124624 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\AdobeAIRInstaller.exe

2010-07-21 23:09 . 2010-07-21 23:09 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-18 01:54 . 2010-03-26 19:49 -------- d-----w- c:\documents and settings\Zach\Application Data\vlc

2010-08-03 23:25 . 2010-06-04 18:38 884 ----a-w- c:\windows\system32\d3d8caps.dat

2010-07-27 08:27 . 2010-04-22 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2010-07-27 08:27 . 2010-04-22 00:37 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2010-07-26 14:00 . 2009-10-12 04:38 -------- d-----w- c:\program files\NVIDIA Corporation

2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb0.bin

2010-07-26 14:00 . 2010-07-18 04:13 1 ----a-w- c:\windows\system32\nvdrssel.bin

2010-07-26 14:00 . 2010-07-18 04:13 228632 ----a-w- c:\windows\system32\nvdrsdb1.bin

2010-07-26 13:55 . 2008-12-20 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-07-21 23:10 . 2008-12-20 03:42 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-07-21 00:14 . 2009-12-28 23:37 -------- d-----w- c:\program files\Nancy Drew

2010-07-21 00:09 . 2008-10-11 01:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\program files\SystemRequirementsLab

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

2010-07-18 04:06 . 2010-07-18 04:06 -------- d-----w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

2010-07-18 04:06 . 2010-07-18 04:06 290816 ----a-w- c:\documents and settings\Zach\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

2010-07-17 19:38 . 2010-07-17 19:38 -------- d-----w- c:\documents and settings\Zach\Application Data\dvdcss

2010-07-02 22:47 . 2010-07-02 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-07-02 22:46 . 2010-07-02 22:46 -------- d-----w- c:\program files\Pando Networks

2010-06-28 22:20 . 2010-06-22 20:52 -------- d-----w- c:\program files\Google

2010-06-14 22:03 . 2009-11-22 03:15 61440 ----a-w- c:\windows\system32\OpenCL.dll

2010-06-14 22:03 . 2009-11-22 03:15 10260480 ----a-w- c:\windows\system32\nvcompiler.dll

2010-06-14 22:03 . 2009-09-27 23:12 4579328 ----a-w- c:\windows\system32\nvcuda.dll

2010-06-14 22:03 . 2009-09-27 23:12 2910824 ----a-w- c:\windows\system32\nvcuvid.dll

2010-06-14 22:03 . 2009-09-27 23:12 2505320 ----a-w- c:\windows\system32\nvcuvenc.dll

2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcodins.dll

2010-06-14 22:03 . 2009-09-27 23:12 232040 ----a-w- c:\windows\system32\nvcod.dll

2010-06-14 22:03 . 2009-09-27 23:12 2195030 ----a-w- c:\windows\system32\nvdata.bin

2010-06-14 22:03 . 2009-09-27 23:12 1388544 ----a-w- c:\windows\system32\nvapi.dll

2010-06-14 22:03 . 2009-09-27 23:12 13533184 ----a-w- c:\windows\system32\nvoglnt.dll

2010-06-14 22:03 . 2008-09-17 16:55 6352768 ----a-w- c:\windows\system32\nv4_disp.dll

2010-06-14 22:03 . 2008-09-17 16:55 10596576 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2010-06-14 14:31 . 2008-10-10 17:52 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-07 02:57 . 2010-05-06 02:22 68250 ----a-w- c:\windows\hpoins05.dat

2010-06-02 11:55 . 2010-07-21 02:25 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 11:55 . 2010-07-21 02:25 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 11:55 . 2010-07-21 02:25 239960 ----a-w- c:\windows\system32\xactengine3_7.dll

2010-05-27 21:09 . 2010-05-27 21:09 503808 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcp71.dll

2010-05-27 21:09 . 2010-05-27 21:09 499712 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\jmc.dll

2010-05-27 21:09 . 2010-05-27 21:09 348160 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3220778f-n\msvcr71.dll

2010-05-27 21:09 . 2010-05-27 21:09 61440 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-sse.dll

2010-05-27 21:09 . 2010-05-27 21:09 12800 ----a-w- c:\documents and settings\Zach\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-37702854-n\decora-d3d.dll

2010-05-26 18:41 . 2010-07-21 02:25 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2010-05-26 18:41 . 2010-07-21 02:25 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2008-02-08 04:46 . 2008-02-08 04:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-02-08 04:46 . 2008-02-08 04:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-02-08 04:46 . 2008-02-08 04:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-02-08 04:46 . 2008-02-08 04:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-02-08 04:46 . 2008-02-08 04:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-02-08 04:46 . 2008-02-08 04:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-02-08 04:46 . 2008-02-08 04:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-03-17 00:27 . 2007-03-17 00:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2007-03-17 00:27 . 2007-03-17 00:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-03-17 00:27 . 2007-03-17 00:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-07-20 19:47 . 2007-07-20 19:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-02-08 04:46 . 2008-02-08 04:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"CTHelper"="CTHELPER.EXE" [2005-08-07 16384]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-07 18944]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"masqform.exe"="c:\program files\IBM\Lotus Forms\Viewer\3.0\masqform.exe" [2008-01-17 991232]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-10-09 33677312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-14 110696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-14 13917800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Wireless Assistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Wireless Assistant.lnk

backup=c:\windows\pss\NETGEAR WG311T Wireless Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2010-06-28 01:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\Program Files\\BitComet\\BitComet.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\BioWare\\DragonAge\\bin_ship\\DAOCharacterCreator.exe"=

"d:\\Program Files\\BioWare\\DragonAge\\DAOriginsLauncher.exe"=

"d:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=

"d:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=

"d:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"23687:TCP"= 23687:TCP:BitComet 23687 TCP

"23687:UDP"= 23687:UDP:BitComet 23687 UDP

"46123:TCP"= 46123:TCP:BitComet 46123 TCP

"46123:UDP"= 46123:UDP:BitComet 46123 UDP

"57093:TCP"= 57093:TCP:Pando Media Booster

"57093:UDP"= 57093:UDP:Pando Media Booster

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/3/2010 4:34 PM 165456]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/30/2010 3:42 PM 44032]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/26/2010 7:01 AM 58600]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/21/2009 7:54 PM 22328]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/21/2009 8:04 PM 1418368]

S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/28/2010 3:20 PM 135664]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/3/2009 1:35 PM 25832]

S3 FLASHSYS;FLASHSYS;c:\program files\MSI\Live Update 4\LU4\FlashSys.sys [11/21/2009 8:05 PM 9216]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2010 8:56 AM 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20]

2010-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-28 22:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-17 20:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-573735546-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:16,03,6c,fa,b6,33,38,d5,1a,14,5e,70,24,62,07,8c,2d,b0,f9,d8,2c,c6,1d,

72,d9,1c,30,28,69,2a,32,b6,b9,ea,76,f6,5c,10,3e,8a,af,77,3b,44,30,6c,9b,ca,\

"??"=hex:e5,bd,29,ba,7d,03,71,d3,9d,9b,ff,6f,37,c5,dc,02

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(476)

c:\windows\system32\ATL.DLL

- - - - - - - > 'explorer.exe'(1616)

c:\windows\system32\WININET.dll

c:\windows\system32\ctagent.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\acs.exe

c:\windows\system32\CTsvcCDA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wscntfy.exe

c:\windows\CTHELPER.EXE

c:\windows\system32\CTXFIHLP.EXE

c:\windows\SYSTEM32\CTXFISPI.EXE

c:\windows\system32\RUNDLL32.EXE

c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

.

**************************************************************************

.

Completion time: 2010-08-17 20:49:28 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-18 03:49

ComboFix2.txt 2010-08-17 17:34

Pre-Run: 12,795,985,920 bytes free

Post-Run: 12,781,150,208 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 80EDD33A010E46B1D6358FC0997C5BAF

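Two things in the "Reg Loading Points" part of the ComboFix log above deserve a second look independently of the malware: the Windows Firewall is switched off for the standard profile ("EnableFirewall"= 0) with six ports held globally open for BitComet and Pando Media Booster, and two service entries (aswFsBlk, Lavasoft Kernexplorer) reference files ComboFix marks with [?], meaning it could not find them. The script below is an added example written for this page; it is not code from the thread, from ComboFix or from Malwarebytes. It parses those lines into findings and also applies a heuristic for random-looking driver names such as the vtxakhgg.sys that the Kaspersky report later in the thread attributes to Rootkit.Win32.Bubnix. The sample input is a constructed excerpt of lines from the log above; the reading of the R/S prefix and start-type digit, and the looks_random() heuristic, are the editor's assumptions rather than anything ComboFix documents.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this page: editor-written code, not part of the forum
thread, of ComboFix or of Malwarebytes. SAMPLE_LOG is a constructed excerpt
assembled from lines that appear in the thread's ComboFix output. The meaning
given to the R/S prefix and the start-type digit is the editor's reading of
ComboFix's service listing, and looks_random() is a heuristic assumption about
machine-generated driver names, not a signature.
"""
import re

# Constructed sample input (lines copied from the thread's ComboFix log).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23687:TCP"= 23687:TCP:BitComet 23687 TCP
"23687:UDP"= 23687:UDP:BitComet 23687 UDP
"46123:TCP"= 46123:TCP:BitComet 46123 TCP
"46123:UDP"= 46123:UDP:BitComet 46123 UDP
"57093:TCP"= 57093:TCP:Pando Media Booster
"57093:UDP"= 57093:UDP:Pando Media Booster
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/3/2010 4:34 PM 165456]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/21/2009 7:54 PM 22328]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/2/2010 8:56 AM 721904]
"""

FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# Assumed layout: R = running, S = stopped; the digit is the SCM start type.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


def looks_random(name):
    """Heuristic for machine-generated names such as vtxakhgg.

    Only all-lowercase, alphabetic names of six or more characters are judged;
    vendor-style names (mixed case, digits, short) are left alone to keep the
    false-positive rate down. A name is flagged when fewer than a fifth of its
    letters are vowels or it contains a run of four or more consonants.
    """
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiouy" for c in name)
    longest_run = max((len(run) for run in re.findall(r"[^aeiouy]+", name)), default=0)
    return vowels / len(name) < 0.2 or longest_run >= 4


def triage(text):
    """Parse firewall state, globally open ports and service entries; return findings."""
    result = {"firewall_enabled": None, "open_ports": [], "services": [], "findings": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            result["firewall_enabled"] = m.group(1) != "0"
            continue
        m = PORT_RE.match(line)
        if m:
            result["open_ports"].append((int(m.group(1)), m.group(2), m.group(3).strip()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path, meta = m.groups()
            # "x --> y" is ComboFix resolving the image path; keep the resolved side.
            resolved = path.split("-->")[-1].strip()
            base = re.split(r"[\\/]", resolved)[-1].rsplit(".", 1)[0]
            result["services"].append({
                "name": name.strip(), "display": display.strip(), "path": resolved,
                "state": "running" if state == "R" else "stopped",
                "start": START_TYPES.get(start, start),
                "missing_file": meta.strip() == "?",   # [?] = file not found on disk
                "random_name": looks_random(base),
            })
    if result["firewall_enabled"] is False:
        result["findings"].append("Windows Firewall is disabled for the standard profile")
    for port, proto, label in result["open_ports"]:
        result["findings"].append(f"globally open port {port}/{proto}: {label}")
    for svc in result["services"]:
        if svc["missing_file"]:
            result["findings"].append(f"service {svc['name']} references a file ComboFix could not find: {svc['path']}")
        if svc["random_name"]:
            result["findings"].append(f"service {svc['name']} has a random-looking image name: {svc['path']}")
    return result


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
    for n in ("vtxakhgg", "mouclass", "aswSP", "sptd"):
        print(n, "random-looking" if looks_random(n) else "ok")
```

The orphaned service entries are harmless by themselves, but they are exactly the leftovers that a removal tool for the uninstalled product is meant to clean up, and the firewall and port findings stay true after every scanner on the thread reports clean.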

Trullyn:

You have files from both avast! and BitDefender in your logs. Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer. Please uninstall either avast or BitDefender via Control Panel > Add/Remove Programs. Run the removal tool (links below) for whichever app you uninstall also:

avast! Removal Tool

BitDefender Removal Tool

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • MBAM log


A bit better than the first scan :)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4443

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/17/2010 9:56:09 PM

mbam-log-2010-08-17 (21-56-09).txt

Scan type: Quick scan

Objects scanned: 130871

Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Trullyn:

How is it running now? Please do these next:

Please visit this site

  • In the Link to topic where this file was requested: field, enter the following:
    http://forums.malwarebytes.org/index.php?showtopic=60520
  • In the Browse to the file you want to submit: field, click on browse and navigate to the following file:
    C:\Qoobox\Quarantine\[4]-Submit_,<date>_<time>.zip (the date & time will roughly be the time you last ran ComboFix)
  • In the comments field enter the following:
    Failed submission
  • Press the send file button.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java 6 Update 18 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files

  • Click OK on the Delete Temporary Files window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

Please include the following in your next post:

  • Kaspersky log


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Wednesday, August 18, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, August 18, 2010 01:54:29

Records in database: 4138097

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

F:\

H:\

I:\

J:\

K:\

L:\

N:\

P:\

Scan statistics:

Objects scanned: 236964

Threats found: 6

Infected objects found: 16

Suspicious objects found: 0

Scan duration: 03:55:18

File name / Threat / Threats count

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.ft 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.fu 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.fv 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.ft 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.fu 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.fv 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.ft 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.fu 1

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.fv 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Infected: Virus.Win32.TDSS.b 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\vtxakhgg.sys.vir Infected: Rootkit.Win32.Bubnix.fu 1

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_vtxakhgg_.sys.zip Infected: Rootkit.Win32.Bubnix.fu 1

C:\Qoobox\Quarantine\[4]-Submit_2010-08-17_20.39.42.zip Infected: Rootkit.Win32.Bubnix.fu 1

C:\System Volume Information\_restore{0CB6C284-BE0B-43E8-9EB9-78F15D1EC52D}\RP17\A0018059.sys Infected: Virus.Win32.TDSS.b 1

C:\System Volume Information\_restore{0CB6C284-BE0B-43E8-9EB9-78F15D1EC52D}\RP18\A0018382.sys Infected: Rootkit.Win32.Bubnix.fu 1

F:\Downloads\PSP ISO Compressor 1.4.exe Infected: Trojan.Win32.BHO.aipj 1

Selected area has been scanned.

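The report above counts 16 infected objects, but only one of them (F:\Downloads\PSP ISO Compressor 1.4.exe) is a file still sitting where it would run; the rest are ComboFix's own quarantine under C:\Qoobox, System Restore snapshot copies, and the Java deployment cache. That cache belongs to the NetworkService profile, not to Zach's, and the Java Control Panel's Delete Files step earlier in the thread clears only the cache of the account it runs under, so those three archives would need to be removed separately. Since the online scanner reports and does not clean, sorting its output this way is the check a practitioner would do before deciding what is left. The script below is an added example written for this page, not code from the thread, from Kaspersky or from Malwarebytes; the 16 detection lines are embedded so it runs offline, and the path rules (Qoobox = ComboFix quarantine, _restore{...} = System Restore) are the editor's assumptions.

```python
r"""Sort a Kaspersky Online Scanner report into live hits and already-contained copies.

Added example for this page: editor-written code, not from the thread, from
Kaspersky or from Malwarebytes. SAMPLE_REPORT repeats the sixteen detection
lines posted in the thread so the script runs offline. The classification rules
are the editor's assumptions: C:\Qoobox\Quarantine holds ComboFix's quarantined
copies and System Volume Information\_restore{...} holds System Restore
snapshots, so hits there are not files the system still executes.
"""
import re
from collections import defaultdict

# Sample input: the detection lines from the report posted in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\7964b810-4182a553 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\60c7b913-249df4fa Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.ft 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.fu 1
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\32\940f860-10708606 Infected: Trojan-Downloader.Java.Agent.fv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mouclass.sys.vir Infected: Virus.Win32.TDSS.b 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\vtxakhgg.sys.vir Infected: Rootkit.Win32.Bubnix.fu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\_vtxakhgg_.sys.zip Infected: Rootkit.Win32.Bubnix.fu 1
C:\Qoobox\Quarantine\[4]-Submit_2010-08-17_20.39.42.zip Infected: Rootkit.Win32.Bubnix.fu 1
C:\System Volume Information\_restore{0CB6C284-BE0B-43E8-9EB9-78F15D1EC52D}\RP17\A0018059.sys Infected: Virus.Win32.TDSS.b 1
C:\System Volume Information\_restore{0CB6C284-BE0B-43E8-9EB9-78F15D1EC52D}\RP18\A0018382.sys Infected: Rootkit.Win32.Bubnix.fu 1
F:\Downloads\PSP ISO Compressor 1.4.exe Infected: Trojan.Win32.BHO.aipj 1
"""

LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\([^\\]+)\\", re.IGNORECASE)


def classify(path):
    """Where the hit lives decides what it means for the running system."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"      # ComboFix already moved the file out of place
    if "\\system volume information\\_restore" in p:
        return "restore_point"    # copy inside a System Restore snapshot only
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"       # cached applet/JAR: a delivery artifact, per-user
    return "live"


def profile_of(path):
    """User profile that owns a path under Documents and Settings, else None."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None


def parse_report(text):
    """One record per 'path Infected: threat count' line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            path = m.group("path")
            hits.append({"path": path, "threat": m.group("threat"),
                         "count": int(m.group("count")),
                         "category": classify(path), "profile": profile_of(path)})
    return hits


def summarize(hits):
    """Totals that should match the report header, plus what is actually left to act on."""
    threats_by_path = defaultdict(set)
    for h in hits:
        threats_by_path[h["path"]].add(h["threat"])
    by_category = defaultdict(int)
    for path in threats_by_path:
        by_category[classify(path)] += 1
    return {
        "detections": sum(h["count"] for h in hits),
        "unique_paths": len(threats_by_path),
        "distinct_threats": len({h["threat"] for h in hits}),
        "by_category": dict(by_category),
        "live_paths": sorted(p for p in threats_by_path if classify(p) == "live"),
        "java_cache_profiles": sorted({h["profile"] for h in hits
                                       if h["category"] == "java_cache" and h["profile"]}),
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The detections and distinct_threats totals are a sanity check on the parser: they should equal the "Infected objects found" and "Threats found" figures in the report header (16 and 6 here). Everything in java_cache_profiles other than the account that ran the Control Panel cleanup is a cache directory that still has to be deleted by hand.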

Everything has been uninstalled/deleted - thanks for your help. Everything is running great.

I wasn't able to get entirely clean with other antivirus programs, so I'd like to purchase Malwarebytes, would you happen to be able to supply a coupon code?

Thanks again,

-Zach

