
google.com/webhp redirection, win32 crashing



Hello, so I managed to infect my laptop with something and it won't budge :)

As the title says, I get redirected to various sites when I search sometimes on Google! google.com/webhp being one of them!

Also, if I leave my laptop on for a while, win32 crashes and then I have to restart, as the sound goes and some programs don't work!

I also had a problem where Firefox would not open, but I think that has been fixed!

I have run ComboFix although sites say not to, as I fixed a problem this way before, so I thought I would try it.

Below is the DDS log. I would give you the GMER log, but every time I try it I either get a BSOD and it crashes, or my laptop just locks up and I have to turn it off! Is there anything else I could try, or a way to stop this happening?

I look forward to your help :lol:

DDS (Ver_10-10-10.03) - NTFSx86

Run by User at 21:12:21.26 on 17/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3069.2586 [GMT 1:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100916185020.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [bisonHK] c:\windows\bisoncam\BisonHK.exe

mRun: [DeLay] c:\windows\bisoncam\DeLay.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotkey~1.lnk - c:\program files\hotkey_driver\HotKeyDriver.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\81r47x83.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2714965&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\81r47x83.default\extensions\{6458d48c-71d9-403f-933c-102eecb38b20}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\81r47x83.default\extensions\{6458d48c-71d9-403f-933c-102eecb38b20}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\81r47x83.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-8 386712]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-8 84072]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-8 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-8 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-8 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-8 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-8 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-8 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-8 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-8 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-8 152992]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-8 312904]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-8 88544]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-9-7 288000]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-8 52104]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-8 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-8 84264]

=============== Created Last 30 ================

2010-10-17 12:51:35 -------- d-sha-r- C:\cmdcons

2010-10-17 12:29:26 -------- d-----w- c:\program files\Trend Micro

2010-10-16 11:34:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-15 13:18:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-10-15 13:15:16 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-10-15 13:15:16 -------- d-----w- c:\program files\SpywareBlaster

2010-10-15 13:07:07 -------- d-----w- c:\docume~1\user\applic~1\Safer Networking

2010-10-15 13:06:58 -------- d-----w- c:\program files\Safer Networking

2010-10-15 11:57:51 -------- d-----w- c:\docume~1\user\applic~1\Malwarebytes

2010-10-15 11:57:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-15 11:57:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-10-15 11:57:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-15 11:57:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-14 17:17:29 388096 ----a-r- c:\docume~1\user\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-10-13 11:06:36 -------- d-----w- c:\windows\pss

2010-10-11 22:53:06 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-10-11 22:53:06 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-10-11 22:53:01 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-10-11 22:53:01 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-10-11 22:47:55 -------- d-----w- c:\docume~1\user\applic~1\.minecraft

2010-10-11 19:01:08 -------- d-----w- c:\docume~1\user\applic~1\NetMedia Providers

2010-10-07 19:56:18 -------- d-----w- c:\program files\VirtualDJ

2010-10-06 17:43:52 -------- d-----w- c:\docume~1\user\applic~1\FlashGet

2010-10-01 14:24:34 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-10-01 14:24:33 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-10-01 14:24:33 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-10-01 14:24:33 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-10-01 11:41:30 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-10-01 11:41:29 138056 ----a-w- c:\docume~1\user\applic~1\PnkBstrK.sys

2010-10-01 11:41:09 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-10-01 11:41:08 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-10-01 11:41:08 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe

2010-10-01 11:36:22 -------- d-----w- c:\program files\EA Games

2010-10-01 01:10:42 -------- d-----w- c:\docume~1\user\locals~1\applic~1\Identities

2010-09-29 15:24:36 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-09-29 15:24:36 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-09-29 15:23:44 -------- d-----w- c:\program files\iPod

2010-09-29 15:23:41 -------- d-----w- c:\program files\iTunes

2010-09-29 15:23:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-09-29 15:22:57 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-29 15:22:57 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-29 15:22:35 -------- d-----w- c:\program files\Bonjour

2010-09-26 22:48:56 -------- d-----w- c:\docume~1\user\applic~1\DVDVideoSoftIEHelpers

2010-09-26 22:48:41 -------- d-----w- c:\program files\DVDVideoSoft

2010-09-26 22:48:41 -------- d-----w- c:\program files\common files\DVDVideoSoft

2010-09-26 14:42:09 -------- d-----r- c:\program files\Skype

2010-09-25 10:08:08 -------- d-----w- c:\program files\MSECache

2010-09-23 13:42:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-16 11:33:58 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-07 12:52:13 315392 ----a-w- c:\windows\HideWin.exe

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-12 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-08-12 04:07:46 133616 ------w- c:\windows\system32\pxafs.dll

2010-08-12 04:07:46 126448 ------w- c:\windows\system32\pxinsi64.exe

2010-08-12 04:07:46 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-07-27 17:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-07-27 17:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 21:13:48.07 ===============

Attach.zip


Welcome to MBAM :)

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Combofix log :)

ComboFix 10-10-17.03 - User 18/10/2010 10:52:41.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3069.2572 [GMT 1:00]

Running from: c:\documents and settings\User\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

.

/wow section - STAGE 32A

((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))

.

2010-10-17 12:29 . 2010-10-17 12:29 -------- d-----w- c:\program files\Trend Micro

2010-10-16 11:34 . 2010-10-17 12:29 -------- d-----w- c:\program files\Common Files\Java

2010-10-16 11:34 . 2010-10-16 11:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-10-15 16:13 . 2010-10-17 12:29 -------- d-----w- c:\program files\Windows Live Safety Center

2010-10-15 13:18 . 2010-10-15 13:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-10-15 13:15 . 2010-10-15 13:15 -------- d-----w- c:\program files\SpywareBlaster

2010-10-15 13:15 . 2010-01-10 18:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2010-10-15 13:07 . 2010-10-15 13:07 -------- d-----w- c:\documents and settings\User\Application Data\Safer Networking

2010-10-15 13:06 . 2010-10-15 13:06 -------- d-----w- c:\program files\Safer Networking

2010-10-15 11:57 . 2010-10-15 11:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes

2010-10-15 11:57 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-15 11:57 . 2010-10-15 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-10-15 11:57 . 2010-10-17 12:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-15 11:57 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-14 17:17 . 2010-10-14 17:17 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-13 16:29 . 2010-10-13 16:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-10-11 22:53 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-10-11 22:53 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-10-11 22:53 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2010-10-11 22:53 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-10-11 22:47 . 2010-10-11 22:48 -------- d-----w- c:\documents and settings\User\Application Data\.minecraft

2010-10-11 19:01 . 2010-10-11 19:01 -------- d-----w- c:\documents and settings\User\Application Data\NetMedia Providers

2010-10-09 20:23 . 2010-10-09 20:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2010-10-07 19:56 . 2010-10-07 19:59 -------- d-----w- c:\program files\VirtualDJ

2010-10-06 17:43 . 2010-10-06 17:43 -------- d-----w- c:\documents and settings\User\Application Data\FlashGet

2010-10-04 18:07 . 2010-10-04 18:07 -------- d-----w- c:\windows\Sun

2010-10-01 14:24 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-10-01 14:24 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-10-01 14:24 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2010-10-01 14:24 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-10-01 11:41 . 2010-10-01 11:41 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-10-01 11:41 . 2010-10-01 11:41 138056 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys

2010-10-01 11:41 . 2010-10-01 11:41 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-10-01 11:41 . 2010-10-01 11:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-10-01 11:41 . 2010-10-01 11:41 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe

2010-10-01 11:36 . 2010-10-01 11:36 -------- d-----w- c:\program files\EA Games

2010-10-01 01:10 . 2010-10-01 01:10 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Identities

2010-09-30 02:00 . 2010-09-30 02:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-09-29 15:24 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2010-09-29 15:24 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2010-09-29 15:23 . 2010-09-29 15:23 -------- d-----w- c:\program files\iPod

2010-09-29 15:23 . 2010-09-29 15:24 -------- d-----w- c:\program files\iTunes

2010-09-29 15:23 . 2010-09-29 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-09-29 15:23 . 2010-09-29 15:23 -------- d-----w- c:\program files\Apple Software Update

2010-09-29 15:22 . 2010-04-19 19:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-09-29 15:22 . 2010-04-19 19:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-09-29 15:22 . 2010-09-29 15:22 -------- d-----w- c:\program files\Bonjour

2010-09-26 22:48 . 2010-09-26 22:48 -------- d-----w- c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers

2010-09-26 22:48 . 2010-09-26 22:48 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-09-26 22:48 . 2010-09-26 22:48 -------- d-----w- c:\program files\DVDVideoSoft

2010-09-26 14:43 . 2010-10-05 23:09 -------- d-----w- c:\documents and settings\User\Application Data\skypePM

2010-09-26 14:42 . 2010-10-05 23:23 -------- d-----w- c:\documents and settings\User\Application Data\Skype

2010-09-26 14:42 . 2010-09-26 14:42 -------- d-----w- c:\program files\Common Files\Skype

2010-09-26 14:42 . 2010-09-26 14:42 -------- d-----r- c:\program files\Skype

2010-09-26 14:42 . 2010-09-26 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-09-25 23:34 . 2010-09-29 15:23 -------- d-----w- c:\program files\Common Files\Apple

2010-09-25 23:34 . 2010-10-01 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-09-25 10:08 . 2010-09-25 10:08 -------- d-----w- c:\program files\MSECache

2010-09-23 13:42 . 2010-09-23 13:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-24 13:57 . 2010-09-08 19:03 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-28 13529088]

"nwiz"="nwiz.exe" [2008-03-28 1626112]

"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]

"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2008-03-25 77824]

"DeLay"="c:\windows\BisonCam\DeLay.exe" [2008-03-11 53248]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HotKeyDriver.lnk - c:\program files\HotKey_Driver\HotKeyDriver.exe [2010-9-7 3641344]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [08/09/2010 20:03 84072]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/09/2010 20:03 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/09/2010 20:03 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [08/09/2010 20:03 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [08/09/2010 20:03 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [08/09/2010 20:03 141792]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [08/09/2010 20:03 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [08/09/2010 20:03 312904]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [08/09/2010 20:03 88544]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [08/09/2010 20:03 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [08/09/2010 20:03 84264]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [07/09/2010 13:59 288000]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

2010-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2714965&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=

FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\extensions\{6458d48c-71d9-403f-933c-102eecb38b20}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\extensions\{6458d48c-71d9-403f-933c-102eecb38b20}\components\RadioWMPCore.dll

FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\81r47x83.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA94446]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f37852

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: SiS191 Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9de6bb0

PacketIndicateHandler -> NDIS.sys @ 0xb9df3a21

SendHandler -> NDIS.sys @ 0xb9dd187b

user & kernel MBR OK

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)

c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1080)

c:\windows\system32\WININET.dll

.

Completion time: 2010-10-18 11:05:02

ComboFix-quarantined-files.txt 2010-10-18 10:05

ComboFix2.txt 2010-10-17 19:45

Pre-Run: 206,786,686,976 bytes free

Post-Run: 206,836,535,296 bytes free

- - End Of File - - 3EBBEF7EF3A61D9D97D7F60A268C5923


  • Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Attach that log, please.


Quick thing: do you prefer me to just copy logs into the forum or a zipped upload? I did both this time.

2010/10/18 13:42:21.0953 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/18 13:42:21.0953 ================================================================================

2010/10/18 13:42:21.0953 SystemInfo:

2010/10/18 13:42:21.0953

2010/10/18 13:42:21.0953 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/18 13:42:21.0953 Product type: Workstation

2010/10/18 13:42:21.0953 ComputerName: USER-3192482103

2010/10/18 13:42:21.0953 UserName: User

2010/10/18 13:42:21.0953 Windows directory: C:\WINDOWS

2010/10/18 13:42:21.0953 System windows directory: C:\WINDOWS

2010/10/18 13:42:21.0953 Processor architecture: Intel x86

2010/10/18 13:42:21.0953 Number of processors: 2

2010/10/18 13:42:21.0953 Page size: 0x1000

2010/10/18 13:42:21.0953 Boot type: Normal boot

2010/10/18 13:42:21.0953 ================================================================================

2010/10/18 13:42:22.0328 Initialize success

2010/10/18 13:42:24.0453 ================================================================================

2010/10/18 13:42:24.0453 Scan started

2010/10/18 13:42:24.0453 Mode: Manual;

2010/10/18 13:42:24.0453 ================================================================================

2010/10/18 13:42:25.0765 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/18 13:42:25.0781 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/10/18 13:42:25.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/18 13:42:26.0000 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/18 13:42:26.0203 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/18 13:42:26.0265 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/18 13:42:26.0296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/18 13:42:26.0359 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/18 13:42:26.0453 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/18 13:42:26.0593 Cam5607 (69cb08c024e009fc033c2df03e9c5791) C:\WINDOWS\system32\Drivers\BisonC07.sys

2010/10/18 13:42:27.0000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/18 13:42:27.0031 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/18 13:42:27.0078 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/18 13:42:27.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/18 13:42:27.0421 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/18 13:42:27.0578 cfwids (426ee59b25988bb3382fc0a3655deaa2) C:\WINDOWS\system32\drivers\cfwids.sys

2010/10/18 13:42:27.0765 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/10/18 13:42:27.0812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/10/18 13:42:27.0937 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/18 13:42:28.0000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/18 13:42:28.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/18 13:42:28.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/18 13:42:28.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/18 13:42:28.0281 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/18 13:42:28.0343 EMSCR (960d07fd8a543df9db892845dcb414d3) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

2010/10/18 13:42:28.0531 ESDCR (7b3fe3c37fe7965b1b0edba4f13694eb) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

2010/10/18 13:42:28.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/18 13:42:28.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/10/18 13:42:28.0843 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/18 13:42:28.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/10/18 13:42:28.0968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/18 13:42:29.0062 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/18 13:42:29.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/18 13:42:29.0203 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/18 13:42:29.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/18 13:42:29.0406 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/18 13:42:29.0468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/18 13:42:29.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/18 13:42:29.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/18 13:42:29.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/18 13:42:30.0031 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/18 13:42:30.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/18 13:42:30.0218 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/18 13:42:30.0250 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/18 13:42:30.0265 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/18 13:42:30.0312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/18 13:42:30.0421 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/18 13:42:30.0484 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/18 13:42:30.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/18 13:42:30.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/18 13:42:30.0734 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/18 13:42:30.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/18 13:42:30.0953 mfeapfk (5bd0c401a8ee4a54f6176c0a10d595ae) C:\WINDOWS\system32\drivers\mfeapfk.sys

2010/10/18 13:42:31.0093 mfeavfk (f3bb4dc61b4dc662bdc778cf1634fae1) C:\WINDOWS\system32\drivers\mfeavfk.sys

2010/10/18 13:42:31.0218 mfebopk (b1498db38d129ed31650422fc8bab9c5) C:\WINDOWS\system32\drivers\mfebopk.sys

2010/10/18 13:42:31.0312 mfefirek (51e9ccea45c78858a229afb6e682cf41) C:\WINDOWS\system32\drivers\mfefirek.sys

2010/10/18 13:42:31.0421 mfehidk (32f7298664874715ce469a79078853c4) C:\WINDOWS\system32\drivers\mfehidk.sys

2010/10/18 13:42:31.0500 mfendisk (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2010/10/18 13:42:31.0562 mfendiskmp (9d346b15bb3f4aa323784e2774b4e580) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

2010/10/18 13:42:31.0640 mferkdet (858337b64484cd80eee7d2eba5ac61bc) C:\WINDOWS\system32\drivers\mferkdet.sys

2010/10/18 13:42:31.0703 mfetdi2k (3363aca7b66bd6b37d0f5c148dc9d34b) C:\WINDOWS\system32\drivers\mfetdi2k.sys

2010/10/18 13:42:31.0796 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/18 13:42:31.0843 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/18 13:42:31.0875 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/18 13:42:32.0015 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/18 13:42:32.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/18 13:42:32.0140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/18 13:42:32.0218 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/18 13:42:32.0312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/18 13:42:32.0359 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/18 13:42:32.0390 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/18 13:42:32.0406 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/18 13:42:32.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/18 13:42:32.0500 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/18 13:42:32.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/18 13:42:32.0656 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/18 13:42:32.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/18 13:42:32.0796 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/18 13:42:32.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/18 13:42:32.0906 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/18 13:42:32.0984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/18 13:42:33.0015 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/18 13:42:33.0062 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/18 13:42:33.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/18 13:42:33.0203 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/18 13:42:33.0296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/18 13:42:33.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/18 13:42:33.0671 nv (0e392f36d76560ac321e56714bef3aab) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/18 13:42:34.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/18 13:42:34.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/18 13:42:34.0125 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/10/18 13:42:34.0187 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/18 13:42:34.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/18 13:42:34.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/18 13:42:34.0421 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/18 13:42:34.0468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/18 13:42:34.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/18 13:42:34.0656 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/18 13:42:34.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/18 13:42:34.0734 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/18 13:42:34.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/18 13:42:35.0015 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/18 13:42:35.0031 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/18 13:42:35.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/18 13:42:35.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/18 13:42:35.0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/18 13:42:35.0218 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/18 13:42:35.0343 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/18 13:42:35.0437 RTL8187B (b8a68977ab5c05990696fc0237fda96a) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys

2010/10/18 13:42:35.0640 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/10/18 13:42:35.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/18 13:42:35.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/10/18 13:42:35.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/18 13:42:35.0906 SiSGbeXP (441b5b4f9f4a3c5d61af9c872d7b65b1) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys

2010/10/18 13:42:36.0000 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/18 13:42:36.0125 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\WINDOWS\system32\DRIVERS\smserial.sys

2010/10/18 13:42:36.0281 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/18 13:42:36.0421 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/18 13:42:36.0671 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/18 13:42:36.0812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/18 13:42:36.0859 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/18 13:42:36.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/18 13:42:37.0046 SynTP (bb9df7d1d39033b61ae5c431ea0003ea) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/10/18 13:42:37.0171 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/18 13:42:37.0281 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/18 13:42:37.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/18 13:42:37.0500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/18 13:42:37.0546 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/18 13:42:37.0609 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/18 13:42:37.0671 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/18 13:42:37.0781 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/18 13:42:37.0890 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/18 13:42:37.0921 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/18 13:42:37.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/18 13:42:37.0968 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/18 13:42:38.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/18 13:42:38.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/18 13:42:38.0156 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/10/18 13:42:38.0218 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/18 13:42:38.0281 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/18 13:42:38.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/18 13:42:38.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/18 13:42:38.0484 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/10/18 13:42:38.0531 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/18 13:42:38.0562 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/18 13:42:38.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/18 13:42:38.0687 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/18 13:42:38.0703 ================================================================================

2010/10/18 13:42:38.0703 Scan finished

2010/10/18 13:42:38.0703 ================================================================================

2010/10/18 13:42:38.0703 Detected object count: 1

2010/10/18 13:42:51.0578 \HardDisk0\MBR - will be cured after reboot

2010/10/18 13:42:51.0578 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/18 13:42:54.0312 Deinitialize success

TDSSKiller.2.4.4.0_18.10.2010_13.42.21_log.zip

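The TDSSKiller log above has a regular line shape (timestamp, then either a driver entry with its MD5 and path, a detection, a "will be cured" notice, the user's chosen action, or the object count), so the lines that matter can be pulled out mechanically instead of scrolling through the driver listing. The following is an added example written for this page, not code from TDSSKiller or from anyone in the thread; the regexes are assumptions modelled on the posted log, and `SAMPLE_LOG` is a constructed excerpt of lines taken from it.

```python
import re
from dataclasses import dataclass, field

# Line shapes seen in a TDSSKiller 2.4.x log (regexes written for this example).
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(TS + r"(\S+) - detected (\S+) \((\d+)\)$")
CURE_RE = re.compile(TS + r"(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(TS + r"(\S+)\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (\d+)$")


@dataclass
class Detection:
    location: str               # e.g. \HardDisk0\MBR
    verdict: str                # e.g. Rootkit.Win32.TDSS.tdl4
    action: str = "none"        # what the user chose at the prompt
    cure_pending: bool = False  # "will be cured after reboot" was logged


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)  # service name -> (md5, path)
    detections: list = field(default_factory=list)
    reported_count: int = -1

    def unresolved(self):
        """Detections that were not set to Cure (skipped or never actioned)."""
        return [d for d in self.detections if d.action.lower() != "cure"]

    def consistent(self):
        """The 'Detected object count' line must match what was actually logged."""
        return self.reported_count == len(self.detections)


def parse_tdsskiller_log(text):
    """Walk the log once and collect drivers, detections and the chosen actions."""
    s = ScanSummary()
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := DRIVER_RE.match(line):
            s.drivers[m.group(1)] = (m.group(2), m.group(3))
        elif m := DETECT_RE.match(line):
            s.detections.append(Detection(m.group(1), m.group(2)))
        elif m := CURE_RE.match(line):
            for d in s.detections:
                if d.location == m.group(1):
                    d.cure_pending = True
        elif m := ACTION_RE.match(line):
            for d in s.detections:
                if d.verdict == m.group(1) and d.location == m.group(2):
                    d.action = m.group(3)
        elif m := COUNT_RE.match(line):
            s.reported_count = int(m.group(1))
    return s


# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = """\
2010/10/18 13:42:26.0265 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2010/10/18 13:42:32.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\\WINDOWS\\system32\\drivers\\NDIS.sys
2010/10/18 13:42:38.0687 \\HardDisk0\\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/18 13:42:38.0703 Scan finished
2010/10/18 13:42:38.0703 Detected object count: 1
2010/10/18 13:42:51.0578 \\HardDisk0\\MBR - will be cured after reboot
2010/10/18 13:42:51.0578 Rootkit.Win32.TDSS.tdl4(\\HardDisk0\\MBR) - User select action: Cure
"""
```

Running `parse_tdsskiller_log` over a full log and checking `unresolved()` and `consistent()` is a quick way to confirm that every detection was actually set to Cure before trusting a "clean" follow-up.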

Good that came back clean.

How is everything running???

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


Just delete this file

C:\Documents and Settings\User\My Documents\Downloads\Knoll Light Factory Pro v2.5.2.rar

Go to Start ---> Run ---> Type ComboFix /uninstall and press Enter.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
